From 93e3f265b451acd00e1bd71c09dde2b7b3c4397d Mon Sep 17 00:00:00 2001 From: Jacob Floyd Date: Fri, 12 Apr 2024 01:56:53 -0500 Subject: [PATCH 1/5] fix script in job-st2canary-for-writable-packs-volume (#411) Fixes #388 --- CHANGELOG.md | 2 +- templates/jobs.yaml | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e9d3a215..00977a67 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # Changelog ## Development -* Fix syntax with ensure-packs-volumes-are-writable job (#403) (by @skiedude) +* Fix syntax with ensure-packs-volumes-are-writable job (#403, #411) (by @skiedude) * Add securityContext support to custom st2packs images, extra_hooks jobs; Also fallback to st2actionrunner securityContext for misc init container jobs and pods. (#410) (by @cognifloyd) * Stop generating the DataStore Secret (#385) and checksum labels (#391) when existing secret provided or disabled (by @bmarick) * Stop generating the checksum labels for Auth Secret (#392) when existing secret provided or disabled (by @bmarick) diff --git a/templates/jobs.yaml b/templates/jobs.yaml index 0f6792ec..592936fb 100644 --- a/templates/jobs.yaml +++ b/templates/jobs.yaml @@ -532,7 +532,7 @@ spec: # readOnly: false # ephemeral volumes could also work, ... but that config is even deeper. command: - - 'sh' + - 'bash' # -e => exit on failure # -E => trap ERR is inherited in subfunctions - '-eEc' @@ -545,7 +545,7 @@ spec: INTRO function __handle_error__ { - cat <<- 'FAIL' + cat <<- ' FAIL' ERROR: One or more volumes in st2.packs.volumes (from helm values) does not meet StackStorm's shared volumes requirements! see: https://github.com/StackStorm/stackstorm-k8s#method-2-shared-volumes @@ -565,6 +565,7 @@ spec: echo done echo DONE + volumeMounts: {{- include "stackstorm-ha.packs-volume-mounts" $ | nindent 8 }} {{/* do not include the pack-configs-volume-mount helper here */}} From 209af8b8e329f0c2501d536cc1e652b5d2e5a7a5 Mon Sep 17 00:00:00 2001 From: Jacob Floyd Date: Fri, 12 Apr 2024 08:14:12 -0500 Subject: [PATCH 2/5] Add `image.entrypoint` value to support custom entrypoints like `dumb-init` (#413) * add dumb-init entrypoint * add image.entrypoint value * add changelog entry * add tests for image.entrypoint * correct command exists test assertions * old helm-unittest has isNull not notExists --- CHANGELOG.md | 1 + templates/_helpers.tpl | 6 + templates/deployments.yaml | 12 ++ tests/unit/image_entrypoint_test.yaml | 243 ++++++++++++++++++++++++++ values.yaml | 8 + 5 files changed, 270 insertions(+) create mode 100644 tests/unit/image_entrypoint_test.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 00977a67..063aa9ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ * Stop generating the DataStore Secret (#385) and checksum labels (#391) when existing secret provided or disabled (by @bmarick) * Stop generating the checksum labels for Auth Secret (#392) when existing secret provided or disabled (by @bmarick) * Use `image.pullPolicy` for all containers including init containers that use `image.utilityImage`. (#397) (by @jk464) +* Add new `image.entrypoint` value to simplify using a custom entry point like `dumb-init` or `pid1` (if installed in the image). (#413) (by @cognifloyd) ## v1.0.0 * Bump to latest CircleCI orb versions (kubernetes@1.3.1 and helm@3.0.0 by @ZoeLeah) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 964618d7..9cadeeab 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -181,6 +181,12 @@ Reduce duplication of the st2.*.conf volume details {{- end }} {{- end -}} +{{- define "stackstorm-ha.st2-entrypoint" -}} + {{- range $.Values.image.entrypoint }} +- {{ toYaml . }} + {{- end }} +{{- end -}} + # Override CMD CLI parameters passed to the startup of all pods to add support for /etc/st2/st2.secrets.conf {{- define "stackstorm-ha.st2-config-file-parameters" -}} - --config-file=/etc/st2/st2.conf diff --git a/templates/deployments.yaml b/templates/deployments.yaml index fae31be2..7cbceded 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -76,6 +76,7 @@ spec: #livenessProbe: #readinessProbe: command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - /opt/stackstorm/st2/bin/st2auth {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }} {{- if .Values.st2auth.env }} @@ -203,6 +204,7 @@ spec: #livenessProbe: #readinessProbe: command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - /opt/stackstorm/st2/bin/st2api {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }} {{- if .Values.st2api.env }} @@ -335,6 +337,7 @@ spec: #livenessProbe: #readinessProbe: command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - /opt/stackstorm/st2/bin/st2stream {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }} {{- if .Values.st2stream.env }} @@ -580,6 +583,7 @@ spec: #livenessProbe: #readinessProbe: command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - /opt/stackstorm/st2/bin/st2rulesengine {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }} {{- if .Values.st2rulesengine.env }} @@ -697,6 +701,7 @@ spec: #livenessProbe: #readinessProbe: command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - /opt/stackstorm/st2/bin/st2timersengine {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }} {{- if .Values.st2timersengine.env }} @@ -804,6 +809,7 @@ spec: #livenessProbe: #readinessProbe: command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - /opt/stackstorm/st2/bin/st2workflowengine {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }} {{- if .Values.st2workflowengine.env }} @@ -922,6 +928,7 @@ spec: #livenessProbe: #readinessProbe: command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - /opt/stackstorm/st2/bin/st2scheduler {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }} {{- if .Values.st2scheduler.env }} @@ -1038,6 +1045,7 @@ spec: #livenessProbe: #readinessProbe: command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - /opt/stackstorm/st2/bin/st2notifier {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }} {{- if .Values.st2notifier.env }} @@ -1213,6 +1221,7 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - /opt/stackstorm/st2/bin/st2sensorcontainer {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }} {{- if $one_sensor_per_pod }}{{/* only in st2.packs.sensors[] */}} @@ -1375,6 +1384,7 @@ spec: #livenessProbe: #readinessProbe: command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - /opt/stackstorm/st2/bin/st2actionrunner {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }} {{- if .Values.st2actionrunner.env }} @@ -1509,6 +1519,7 @@ spec: #livenessProbe: #readinessProbe: command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - /opt/stackstorm/st2/bin/st2garbagecollector {{- include "stackstorm-ha.st2-config-file-parameters" $ | nindent 10 }} {{- if .Values.st2garbagecollector.env }} @@ -1690,6 +1701,7 @@ spec: mountPath: /post-start.sh subPath: post-start.sh command: + {{- include "stackstorm-ha.st2-entrypoint" $ | nindent 10 }} - 'bash' - '-ec' - 'while true; do sleep 999; done' diff --git a/tests/unit/image_entrypoint_test.yaml b/tests/unit/image_entrypoint_test.yaml new file mode 100644 index 00000000..496b2b4e --- /dev/null +++ b/tests/unit/image_entrypoint_test.yaml @@ -0,0 +1,243 @@ +--- +suite: Image Entrypoint +templates: + # primary template files + - deployments.yaml + + # included templates must also be listed + - configmaps_overrides.yaml + - configmaps_packs.yaml + - configmaps_rbac.yaml + - configmaps_st2-conf.yaml + - configmaps_st2web.yaml + - secrets_datastore_crypto_key.yaml + - secrets_ssh.yaml + - secrets_st2auth.yaml + - secrets_st2chatops.yaml + +# relevant values: +# image.entrypoint + +tests: + - it: Deployments use custom image.entrypoint + template: deployments.yaml + # st2auth, st2api, + # st2stream, st2web, + # st2rulesengine, st2timersengine, + # st2workflowengine, st2scheduler, + # st2notifier, (1) st2sensorcontainer, + # st2actionrunner, st2garbagecollector, + # st2client, st2chatops + set: + image: + entrypoint: + - &custom_entrypoint_0 "/usr/bin/dumb-init" + - &custom_entrypoint_1 "--" + st2: + rbac: { enabled: true } # enable rbac job + packs: { sensors: [] } # ensure only 1 sensor + st2chatops: + enabled: true + asserts: + - hasDocuments: + count: 14 + + # st2web and st2chatops do not use image.entrypoint + # document indexes: 3, 13 + # all remaining deployments do use image.entrypoint + + - isNull: &exists_command + path: spec.template.spec.containers[0].command + documentIndex: 3 # st2web + - isNull: *exists_command + documentIndex: 13 # st2chatops + + - equal: &eq_custom_entrypoint_0 + path: spec.template.spec.containers[0].command[0] + value: *custom_entrypoint_0 + documentIndex: 0 + - equal: &eq_custom_entrypoint_1 + path: spec.template.spec.containers[0].command[1] + value: *custom_entrypoint_1 + documentIndex: 0 + - equal: *eq_custom_entrypoint_0 + documentIndex: 1 + - equal: *eq_custom_entrypoint_1 + documentIndex: 1 + - equal: *eq_custom_entrypoint_0 + documentIndex: 2 + - equal: *eq_custom_entrypoint_1 + documentIndex: 2 + - equal: *eq_custom_entrypoint_0 + documentIndex: 4 + - equal: *eq_custom_entrypoint_1 + documentIndex: 4 + - equal: *eq_custom_entrypoint_0 + documentIndex: 5 + - equal: *eq_custom_entrypoint_1 + documentIndex: 5 + - equal: *eq_custom_entrypoint_0 + documentIndex: 6 + - equal: *eq_custom_entrypoint_1 + documentIndex: 6 + - equal: *eq_custom_entrypoint_0 + documentIndex: 7 + - equal: *eq_custom_entrypoint_1 + documentIndex: 7 + - equal: *eq_custom_entrypoint_0 + documentIndex: 8 + - equal: *eq_custom_entrypoint_1 + documentIndex: 8 + - equal: *eq_custom_entrypoint_0 + documentIndex: 9 + - equal: *eq_custom_entrypoint_1 + documentIndex: 9 + - equal: *eq_custom_entrypoint_0 + documentIndex: 10 + - equal: *eq_custom_entrypoint_1 + documentIndex: 10 + - equal: *eq_custom_entrypoint_0 + documentIndex: 11 + - equal: *eq_custom_entrypoint_1 + documentIndex: 11 + - equal: *eq_custom_entrypoint_0 + documentIndex: 12 + - equal: *eq_custom_entrypoint_1 + documentIndex: 12 + + - it: Deployments use custom empty image.entrypoint + template: deployments.yaml + set: + # image.entrypoint defaults to [] + # this might change in a future release + st2: + rbac: { enabled: true } # enable rbac job + packs: { sensors: [] } # ensure only 1 sensor + st2chatops: + enabled: true + asserts: + - hasDocuments: + count: 14 + + - isNull: *exists_command + documentIndex: 3 # st2web + - isNull: *exists_command + documentIndex: 13 # st2chatops + + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 0 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 0 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 1 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 1 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 2 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 2 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 4 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 4 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 5 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 5 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 6 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 6 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 7 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 7 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 8 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 8 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 9 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 9 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 10 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 10 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 11 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 11 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 12 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 12 + + - it: Deployments use default image.entrypoint + template: deployments.yaml + set: + image: + entrypoint: [] # explicitly empty list + st2: + rbac: { enabled: true } # enable rbac job + packs: { sensors: [] } # ensure only 1 sensor + st2chatops: + enabled: true + asserts: + - hasDocuments: + count: 14 + + - isNull: *exists_command + documentIndex: 3 # st2web + - isNull: *exists_command + documentIndex: 13 # st2chatops + + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 0 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 0 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 1 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 1 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 2 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 2 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 4 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 4 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 5 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 5 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 6 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 6 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 7 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 7 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 8 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 8 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 9 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 9 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 10 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 10 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 11 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 11 + - notEqual: *eq_custom_entrypoint_0 + documentIndex: 12 + - notEqual: *eq_custom_entrypoint_1 + documentIndex: 12 + diff --git a/values.yaml b/values.yaml index 06a77d7c..8f4d90fc 100644 --- a/values.yaml +++ b/values.yaml @@ -24,6 +24,14 @@ image: # May be required for public docker hub due to rate limiting or any private repository. # See: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ #pullSecret: "your-pull-secret" + # Image entry point for st2* deployments (except st2web and st2chatops). + # This chart replaces the entrypoint (command+args) baked into the docker images. + # If you are have installed a custom init process (like dumb-init, pid1, tini or similar), + # in the docker image(s) you are using, you can add that entrypoint here. + entrypoint: [] + # For example you could add dumb-init like this (dumb-init must be present in the image). + #- "/usr/bin/dumb-init" + #- "--" ## ## local cluster domain suffix to enable fqdn lookups for redis, mongo From 9f94693c8f4cde2fca000e8095a1c1b4a2fbdd87 Mon Sep 17 00:00:00 2001 From: Jacob Floyd Date: Fri, 12 Apr 2024 09:55:34 -0500 Subject: [PATCH 3/5] Improve migration script Deployment handling (#412) Helm could not apply some of the 1.0.0 changes to deployments because some fields were immutable. So, this adjusts the migration script to orphan the replicasets and delete the deployments. Then when helm upgrade recreates the deployments, they will adopt the orphaned replicasets and gradually recreate both replicasets and pods using the latest spec. --- CHANGELOG.md | 1 + migrations/v1.0/standardize-labels.sh | 33 +++++++++++++++++++++++++-- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 063aa9ea..e9c9e02a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ * Stop generating the checksum labels for Auth Secret (#392) when existing secret provided or disabled (by @bmarick) * Use `image.pullPolicy` for all containers including init containers that use `image.utilityImage`. (#397) (by @jk464) * Add new `image.entrypoint` value to simplify using a custom entry point like `dumb-init` or `pid1` (if installed in the image). (#413) (by @cognifloyd) +* Improve Deployments migration in `migrations/v1.0/standardize-labels.sh` by temporarily orphaning the old ReplicaSets. (#412) (by @cognifloyd) ## v1.0.0 * Bump to latest CircleCI orb versions (kubernetes@1.3.1 and helm@3.0.0 by @ZoeLeah) diff --git a/migrations/v1.0/standardize-labels.sh b/migrations/v1.0/standardize-labels.sh index e44dd541..d966929a 100755 --- a/migrations/v1.0/standardize-labels.sh +++ b/migrations/v1.0/standardize-labels.sh @@ -7,6 +7,12 @@ # so that helm upgrade will not create duplicate resources. The new label # selectors do not match the old labels, so this script adds the new labels # to the old resources. Thus, the new selectors will update them. +# +# NOTE: This will orphan all Pods, but they will be adopted by the new Deployments. +# Specifically, we delete Deployment using propogationPolicy=Orphan, +# and then when Helm creates the Deployments again, the selector will match the +# current ReplicaSets (and their Pods) because we added the new labels. +# Finally, the standard k8s Deployment upgrade will gradually replace old Pods. # These env vars need to be set to use this script: # RELEASE_NAME (same as .Release.Name) @@ -19,6 +25,9 @@ RELEASE_NAME=${RELEASE_NAME:-st2} NAMESPACE=${NAMESPACE:-default} CHART_NAME=${CHART_NAME:-stackstorm-ha} # see Chart.yaml +echo RELEASE_NAME=${RELEASE_NAME} +echo NAMESPACE=${NAMESPACE} +echo CHART_NAME=${CHART_NAME} function klabel_app_instance() { kind=${1} @@ -40,6 +49,17 @@ function klabel_app_name() { "app.kubernetes.io/name=${app}" } +function kdelete_cascade_orphan() { + kind=${1} + app=${2} + kubectl delete "${kind}" \ + -n "${NAMESPACE}" \ + -l "vendor=stackstorm" \ + -l "release=${RELEASE_NAME}" \ + -l "app=${app}" \ + --cascade=orphan +} + function k_get_app_names() { kind=${1} app=${2} @@ -51,7 +71,9 @@ function k_get_app_names() { | jq -r '.items[] | select(.metadata.name | test("'"${app}"'")).metadata.labels.app' } +echo echo "Adding label app.kubernetes.io/instance=${RELEASE_NAME} (which will replace release=${RELEASE_NAME}) ..." +echo for kind in ConfigMap Secret Ingress Service ServiceAccount Deployment ReplicaSet Pod Job; do klabel_app_instance ${kind} @@ -59,6 +81,7 @@ done echo echo "Adding label app.kubernetes.io/name= (which will replace app=) ..." +echo klabel_app_name ConfigMap st2 klabel_app_name Secret st2 @@ -83,10 +106,12 @@ deployment_apps=( st2workflowengine ) for app in "${deployment_apps[@]}"; do - echo "Deployment app=${app} ..." - klabel_app_name Deployment ${app} + echo "ReplicaSet and Pods from Deployment app=${app} ..." klabel_app_name ReplicaSet ${app} klabel_app_name Pod ${app} + echo "Deleting Deployment app=${app} (orphaning the ReplicaSets)..." + kdelete_cascade_orphan Deployment ${app} + # do not delete ReplicaSet or the Deployment will not adopt the pods done service_apps=( @@ -115,3 +140,7 @@ done klabel_app_name ConfigMap st2tests klabel_app_name Pod st2tests + +echo +echo "ReplicaSets from Deployments have been orphaned, but new Deployments will adopt them." +echo "Make sure to run helm upgrade soon to create the new Deployments." From 80f80b4e118ad0ccf664b5b8630cf9fff2f739af Mon Sep 17 00:00:00 2001 From: Jacob Floyd Date: Fri, 12 Apr 2024 19:33:25 -0500 Subject: [PATCH 4/5] Release v1.1.0 --- CHANGELOG.md | 2 ++ Chart.yaml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e9c9e02a..919af036 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ # Changelog ## Development + +## v1.1.0 * Fix syntax with ensure-packs-volumes-are-writable job (#403, #411) (by @skiedude) * Add securityContext support to custom st2packs images, extra_hooks jobs; Also fallback to st2actionrunner securityContext for misc init container jobs and pods. (#410) (by @cognifloyd) * Stop generating the DataStore Secret (#385) and checksum labels (#391) when existing secret provided or disabled (by @bmarick) diff --git a/Chart.yaml b/Chart.yaml index 8f450441..a418bdd5 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 # StackStorm version which refers to Docker images tag appVersion: "3.8" name: stackstorm-ha -version: 1.0.0 +version: 1.1.0 description: StackStorm K8s Helm Chart, optimized for running StackStorm in HA environment. home: https://stackstorm.com/ icon: https://landscape.cncf.io/logos/stack-storm.svg From 496fc5829c73d4d85064ddffc4b62fcc1093f755 Mon Sep 17 00:00:00 2001 From: jk464 <44260911+jk464@users.noreply.github.com> Date: Thu, 9 May 2024 20:52:13 +0100 Subject: [PATCH 5/5] Refactor unit tests to support unittests v0.4.4 (#417) Implements #414 --- .github/workflows/unit.yaml | 4 +- CHANGELOG.md | 1 + templates/deployments.yaml | 26 ++++----- templates/jobs.yaml | 12 ++-- tests/README.md | 6 +- tests/unit/custom_annotations_test.yaml | 10 ++-- tests/unit/dns_test.yaml | 4 +- tests/unit/env_test.yaml | 32 +++++------ tests/unit/image_entrypoint_test.yaml | 12 ++-- tests/unit/image_pull_test.yaml | 4 +- tests/unit/labels_test.yaml | 74 ++++++++++++------------- tests/unit/placement_test.yaml | 6 +- tests/unit/post_start_script_test.yaml | 50 ++++++++--------- tests/unit/resources_test.yaml | 6 +- tests/unit/secrets_test.yaml | 4 +- tests/unit/security_context_test.yaml | 6 +- tests/unit/service_account_test.yaml | 6 +- tests/unit/services_test.yaml | 2 +- tests/unit/st2sensors_test.yaml | 42 +++++++------- 19 files changed, 154 insertions(+), 153 deletions(-) diff --git a/.github/workflows/unit.yaml b/.github/workflows/unit.yaml index a513583f..9d678667 100644 --- a/.github/workflows/unit.yaml +++ b/.github/workflows/unit.yaml @@ -35,7 +35,7 @@ jobs: # We should periodically check to see if another fork has taken over maintenance, # as the de-facto "best" fork has changed several times over the years. run: | - helm plugin install https://github.com/quintush/helm-unittest --version v0.2.11 + helm plugin install https://github.com/helm-unittest/helm-unittest.git --version v0.4.4 - name: Install chart dependencies run: | @@ -44,4 +44,4 @@ jobs: - name: Run helm-unittest # by default looks for tests/*_test.yaml run: | - helm unittest --color --helm3 -f 'tests/unit/*_test.yaml' . + helm unittest --color -f 'tests/unit/*_test.yaml' . diff --git a/CHANGELOG.md b/CHANGELOG.md index 919af036..c73a35e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # Changelog ## Development +* Updated our tests/unit to support newer versions of `unittests` - for now bumping to `v0.4.4` as `v0.5.0` has a bug that impacts us (see helm-unittest/helm-unittest#329), but testing around the bug shows `v0.5.x` should also "just work" (#414) (by @jk464) ## v1.1.0 * Fix syntax with ensure-packs-volumes-are-writable job (#403, #411) (by @skiedude) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 7cbceded..b5ea91c3 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -38,8 +38,8 @@ spec: {{- toYaml .Values.st2auth.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} initContainers: @@ -177,8 +177,8 @@ spec: {{- toYaml .Values.st2api.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} {{- if .Values.st2.packs.images }} @@ -316,8 +316,8 @@ spec: {{- toYaml .Values.st2stream.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} initContainers: @@ -426,8 +426,8 @@ spec: {{- toYaml .Values.st2web.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} terminationGracePeriodSeconds: {{ .Values.st2web.terminationGracePeriodSeconds | default 30 }} @@ -565,8 +565,8 @@ spec: {{- toYaml .Values.st2rulesengine.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} initContainers: @@ -683,8 +683,8 @@ spec: {{- toYaml .Values.st2timersengine.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} initContainers: @@ -791,8 +791,8 @@ spec: {{- end }} spec: terminationGracePeriodSeconds: {{ .Values.st2workflowengine.terminationGracePeriodSeconds | default 300 }} - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} initContainers: @@ -910,8 +910,8 @@ spec: {{- toYaml .Values.st2scheduler.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} initContainers: @@ -1027,8 +1027,8 @@ spec: {{- toYaml .Values.st2notifier.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} initContainers: @@ -1173,8 +1173,8 @@ spec: {{- toYaml $sensor.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if $.Values.image.pullSecret }} + imagePullSecrets: - name: {{ $.Values.image.pullSecret }} {{- end }} {{- if $.Values.st2.packs.images }} @@ -1354,8 +1354,8 @@ spec: hostAliases: {{- toYaml .Values.st2actionrunner.hostAliases | nindent 8 }} {{- end }} - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} {{- if .Values.st2.packs.images }} @@ -1501,8 +1501,8 @@ spec: {{- toYaml .Values.st2garbagecollector.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} initContainers: @@ -1615,11 +1615,11 @@ spec: {{- toYaml .Values.st2client.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.st2.packs.images }} {{- include "stackstorm-ha.packs-pullSecrets" . | nindent 6 }} {{- end }} {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} initContainers: diff --git a/templates/jobs.yaml b/templates/jobs.yaml index 592936fb..dfbca877 100644 --- a/templates/jobs.yaml +++ b/templates/jobs.yaml @@ -25,8 +25,8 @@ spec: {{- toYaml .Values.jobs.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} containers: @@ -127,8 +127,8 @@ spec: {{- toYaml .Values.jobs.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} initContainers: @@ -266,8 +266,8 @@ spec: {{- toYaml .Values.jobs.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} initContainers: @@ -398,8 +398,8 @@ spec: {{- toYaml .Values.jobs.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if .Values.image.pullSecret }} + imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- end }} {{- if $.Values.st2.packs.images -}} @@ -512,8 +512,8 @@ spec: {{- toYaml $.Values.jobs.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if $.Values.image.pullSecret }} + imagePullSecrets: - name: {{ $.Values.image.pullSecret }} {{- end }} initContainers: [] @@ -633,8 +633,8 @@ spec: {{- toYaml $.Values.jobs.annotations | nindent 8 }} {{- end }} spec: - imagePullSecrets: {{- if $.Values.image.pullSecret }} + imagePullSecrets: - name: {{ $.Values.image.pullSecret }} {{- end }} {{- if $.Values.st2.packs.images -}} diff --git a/tests/README.md b/tests/README.md index cf0a78cc..b4366533 100644 --- a/tests/README.md +++ b/tests/README.md @@ -4,14 +4,14 @@ This directory contains Helm chart unit and integration tests (under `tests/unit ## Unit tests -Unit tests (`tests/unit/*_test.yaml`) use [`helm-unittest`](https://github.com/quintush/helm-unittest). +Unit tests (`tests/unit/*_test.yaml`) use [`helm-unittest`](https://github.com/helm-unittest/helm-unittest). `helm-unittest` uses a yaml-based test file to ensure that the templates generate expected features. For example, they can ensure that custom annotations are applied consistently to all of the deployments. Unit tests do not require a running kubernetes cluster. Before running unit tests, install the `helm-unittest` plugin and ensure you have sub-charts installed: ``` -helm plugin install https://github.com/quintush/helm-unittest +$ helm plugin install https://github.com/helm-unittest/helm-unittest.git helm dependency update ``` @@ -22,7 +22,7 @@ helm unittest --helm3 -f 'tests/unit/*_test.yaml' . > Note! If you need to add unit tests, file names should follow this pattern: `tests/unit/name_your_test.yaml` -See https://github.com/quintush/helm-unittest/blob/master/DOCUMENT.md for details on writing unit tests. +See https://github.com/helm-unittest/helm-unittest/blob/master/DOCUMENT.md for details on writing unit tests. ## Integration tests diff --git a/tests/unit/custom_annotations_test.yaml b/tests/unit/custom_annotations_test.yaml index 33724347..81147051 100644 --- a/tests/unit/custom_annotations_test.yaml +++ b/tests/unit/custom_annotations_test.yaml @@ -31,7 +31,7 @@ tests: foo: bar answer: "42" asserts: &annotations_asserts - - isNotNull: + - exists: path: metadata.annotations - equal: path: metadata.annotations.foo @@ -125,7 +125,7 @@ tests: # st2client, st2chatops # deployment annotations - - isNotNull: + - exists: path: metadata.annotations - equal: path: metadata.annotations.foo @@ -135,7 +135,7 @@ tests: value: "42" # pod annotations - - isNotNull: + - exists: path: spec.template.metadata.annotations - equal: path: spec.template.metadata.annotations.foo @@ -188,7 +188,7 @@ tests: # extra_hooks job # job annotations - - isNotNull: + - exists: path: metadata.annotations - equal: path: metadata.annotations.foo @@ -198,7 +198,7 @@ tests: value: "42" # pod annotations - - isNotNull: + - exists: path: spec.template.metadata.annotations - equal: path: spec.template.metadata.annotations.foo diff --git a/tests/unit/dns_test.yaml b/tests/unit/dns_test.yaml index 3d831ff5..d5e379e6 100644 --- a/tests/unit/dns_test.yaml +++ b/tests/unit/dns_test.yaml @@ -51,9 +51,9 @@ tests: hook_weight: -5 command: ["st2", "run", "--tail", "custom_pack.warn_about_upgrade"] asserts: - - isNull: + - notExists: path: spec.template.spec.dnsPolicy - - isNull: + - notExists: path: spec.template.spec.dnsConfig - it: Deployments and Jobs accept custom dnsPolicy or dnsConfig diff --git a/tests/unit/env_test.yaml b/tests/unit/env_test.yaml index 9cc7badf..72297390 100644 --- a/tests/unit/env_test.yaml +++ b/tests/unit/env_test.yaml @@ -34,32 +34,32 @@ tests: - name: ST2CLIENT value: "1" documentIndex: 12 - - isNull: &is_null_env + - notExists: &is_null_env path: spec.template.spec.containers[0].env documentIndex: 0 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 1 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 2 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 3 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 4 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 5 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 6 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 7 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 8 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 9 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 10 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 11 - - isNull: *is_null_env + - notExists: *is_null_env documentIndex: 13 - it: Jobs default to no env @@ -76,7 +76,7 @@ tests: asserts: - hasDocuments: count: 5 - - isNull: *is_null_env + - notExists: *is_null_env - it: Deployments accept custom env template: deployments.yaml @@ -177,10 +177,10 @@ tests: - contains: *contains_st2_urls documentIndex: 2 - - isNull: &is_null_envFrom + - notExists: &is_null_envFrom path: spec.template.spec.containers[0].envFrom documentIndex: 0 - - isNull: *is_null_envFrom + - notExists: *is_null_envFrom documentIndex: 3 - it: Deployments support envFromSecrets (st2actionrunner, st2sensorcontainer, and st2client) diff --git a/tests/unit/image_entrypoint_test.yaml b/tests/unit/image_entrypoint_test.yaml index 496b2b4e..e3c6d871 100644 --- a/tests/unit/image_entrypoint_test.yaml +++ b/tests/unit/image_entrypoint_test.yaml @@ -46,10 +46,10 @@ tests: # document indexes: 3, 13 # all remaining deployments do use image.entrypoint - - isNull: &exists_command + - notExists: &exists_command path: spec.template.spec.containers[0].command documentIndex: 3 # st2web - - isNull: *exists_command + - notExists: *exists_command documentIndex: 13 # st2chatops - equal: &eq_custom_entrypoint_0 @@ -119,9 +119,9 @@ tests: - hasDocuments: count: 14 - - isNull: *exists_command + - notExists: *exists_command documentIndex: 3 # st2web - - isNull: *exists_command + - notExists: *exists_command documentIndex: 13 # st2chatops - notEqual: *eq_custom_entrypoint_0 @@ -187,9 +187,9 @@ tests: - hasDocuments: count: 14 - - isNull: *exists_command + - notExists: *exists_command documentIndex: 3 # st2web - - isNull: *exists_command + - notExists: *exists_command documentIndex: 13 # st2chatops - notEqual: *eq_custom_entrypoint_0 diff --git a/tests/unit/image_pull_test.yaml b/tests/unit/image_pull_test.yaml index e739be59..1ee0aec0 100644 --- a/tests/unit/image_pull_test.yaml +++ b/tests/unit/image_pull_test.yaml @@ -67,7 +67,7 @@ tests: hook_weight: -5 command: ["st2", "run", "--tail", "custom_pack.warn_about_upgrade"] asserts: - - isNull: + - notExists: path: spec.template.spec.imagePullSecrets - equal: path: spec.template.spec.containers[0].imagePullPolicy @@ -202,7 +202,7 @@ tests: serviceAccount: create: true asserts: - - isNull: + - notExists: path: imagePullSecrets - it: ServiceAccount accepts custom imagePullSecret diff --git a/tests/unit/labels_test.yaml b/tests/unit/labels_test.yaml index e8857917..57afd975 100644 --- a/tests/unit/labels_test.yaml +++ b/tests/unit/labels_test.yaml @@ -54,58 +54,58 @@ tests: # metdata.labels.[app.kubernetes.io/name] # spec.selector.matchLabels.[app.kubernetes.io/name] # spec.template.metadata.labels.[app.kubernetes.io/name] - # So, we use isNotNull instead. + # So, we use exists instead. # see: https://github.com/quintush/helm-unittest/issues/122 - - isNotNull: - path: metadata.labels.[app.kubernetes.io/name] - - isNotNull: - path: spec.selector.matchLabels.[app.kubernetes.io/name] - - isNotNull: - path: spec.template.metadata.labels.[app.kubernetes.io/name] + - exists: + path: metadata.labels["app.kubernetes.io/name"] + - exists: + path: spec.selector.matchLabels["app.kubernetes.io/name"] + - exists: + path: spec.template.metadata.labels["app.kubernetes.io/name"] - equal: &metadata_labels_instance - path: metadata.labels.[app.kubernetes.io/instance] + path: metadata.labels["app.kubernetes.io/instance"] value: some-release-name - equal: - path: spec.selector.matchLabels.[app.kubernetes.io/instance] + path: spec.selector.matchLabels["app.kubernetes.io/instance"] value: some-release-name - equal: &spec_template_metadata_labels_instance - path: spec.template.metadata.labels.[app.kubernetes.io/instance] + path: spec.template.metadata.labels["app.kubernetes.io/instance"] value: some-release-name - matchRegex: ®ex_metadata_labels_component_backend_or_frontend - path: metadata.labels.[app.kubernetes.io/component] + path: metadata.labels["app.kubernetes.io/component"] pattern: ^(backend|frontend)$ - matchRegex: ®ex_spec_template_metadata_labels_component_backend_or_frontend - path: spec.template.metadata.labels.[app.kubernetes.io/component] + path: spec.template.metadata.labels["app.kubernetes.io/component"] pattern: ^(backend|frontend)$ - equal: &metadata_labels_part_of - path: metadata.labels.[app.kubernetes.io/part-of] + path: metadata.labels["app.kubernetes.io/part-of"] value: stackstorm - equal: &spec_template_metadata_labels_part_of - path: spec.template.metadata.labels.[app.kubernetes.io/part-of] + path: spec.template.metadata.labels["app.kubernetes.io/part-of"] value: stackstorm - equal: &metadata_labels_app_version - path: metadata.labels.[app.kubernetes.io/version] + path: metadata.labels["app.kubernetes.io/version"] value: *appVersion - equal: &spec_template_metadata_labels_app_version - path: spec.template.metadata.labels.[app.kubernetes.io/version] + path: spec.template.metadata.labels["app.kubernetes.io/version"] value: *appVersion - equal: &metadata_labels_chart - path: metadata.labels.[helm.sh/chart] + path: metadata.labels["helm.sh/chart"] value: stackstorm-ha-1.0.999 - equal: &spec_template_metadata_labels_chart - path: spec.template.metadata.labels.[helm.sh/chart] + path: spec.template.metadata.labels["helm.sh/chart"] value: stackstorm-ha-1.0.999 - equal: &metadata_labels_managed_by - path: metadata.labels.[app.kubernetes.io/managed-by] + path: metadata.labels["app.kubernetes.io/managed-by"] value: Helm - equal: &spec_template_metadata_labels_managed_by - path: spec.template.metadata.labels.[app.kubernetes.io/managed-by] + path: spec.template.metadata.labels["app.kubernetes.io/managed-by"] value: Helm - it: Jobs+Pods have requried labels @@ -154,19 +154,19 @@ tests: # like deployments each of these should be the same: # metdata.labels.[app.kubernetes.io/name] # spec.template.metadata.labels.[app.kubernetes.io/name] - - isNotNull: - path: metadata.labels.[app.kubernetes.io/name] - - isNotNull: - path: spec.template.metadata.labels.[app.kubernetes.io/name] + - exists: + path: metadata.labels["app.kubernetes.io/name"] + - exists: + path: spec.template.metadata.labels["app.kubernetes.io/name"] - equal: *metadata_labels_instance - equal: *spec_template_metadata_labels_instance - matchRegex: - path: metadata.labels.[app.kubernetes.io/component] + path: metadata.labels["app.kubernetes.io/component"] pattern: ^(backend|tests)$ - matchRegex: - path: spec.template.metadata.labels.[app.kubernetes.io/component] + path: spec.template.metadata.labels["app.kubernetes.io/component"] pattern: ^(backend|tests)$ - equal: *metadata_labels_part_of @@ -192,8 +192,8 @@ tests: count: 5 # st2auth, st2api, st2stream, st2web, st2chatops - - isNotNull: - path: metadata.labels.[app.kubernetes.io/name] + - exists: + path: metadata.labels["app.kubernetes.io/name"] - equal: *metadata_labels_instance - matchRegex: *regex_metadata_labels_component_backend_or_frontend - equal: *metadata_labels_part_of @@ -211,11 +211,11 @@ tests: - hasDocuments: count: 1 - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: stackstorm-ha - equal: *metadata_labels_instance - equal: &metadata_labels_component_backend - path: metadata.labels.[app.kubernetes.io/component] + path: metadata.labels["app.kubernetes.io/component"] value: backend - equal: *metadata_labels_part_of - equal: *metadata_labels_app_version @@ -231,7 +231,7 @@ tests: foo: bar answer: "42" asserts: - - isNotNull: + - exists: path: metadata.labels - equal: path: metadata.labels.foo @@ -253,11 +253,11 @@ tests: - hasDocuments: count: 1 - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: ingress - equal: *metadata_labels_instance - equal: - path: metadata.labels.[app.kubernetes.io/component] + path: metadata.labels["app.kubernetes.io/component"] value: frontend - equal: *metadata_labels_part_of - equal: *metadata_labels_app_version @@ -284,7 +284,7 @@ tests: - hasDocuments: count: 1 - equal: &metadata_labels_app_eq_st2 - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: st2 - equal: *metadata_labels_instance - equal: *metadata_labels_component_backend @@ -323,7 +323,7 @@ tests: - hasDocuments: count: 1 - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: st2chatops - equal: *metadata_labels_instance - equal: *metadata_labels_component_backend @@ -347,11 +347,11 @@ tests: - hasDocuments: count: 1 - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: st2 # should this be st2web? - equal: *metadata_labels_instance - equal: - path: metadata.labels.[app.kubernetes.io/component] + path: metadata.labels["app.kubernetes.io/component"] value: backend # should this be frontend? - equal: *metadata_labels_part_of - equal: *metadata_labels_app_version diff --git a/tests/unit/placement_test.yaml b/tests/unit/placement_test.yaml index 76ee7d63..6d7726d7 100644 --- a/tests/unit/placement_test.yaml +++ b/tests/unit/placement_test.yaml @@ -65,11 +65,11 @@ tests: hook_weight: -5 command: ["st2", "run", "--tail", "custom_pack.warn_about_upgrade"] asserts: - - isNull: + - notExists: path: spec.template.spec.nodeSelector - - isNull: + - notExists: path: spec.template.spec.tolerations - - isNull: + - notExists: path: spec.template.spec.affinity - it: Deployments and Jobs accept custom placement diff --git a/tests/unit/post_start_script_test.yaml b/tests/unit/post_start_script_test.yaml index 65f51bfd..916fd22c 100644 --- a/tests/unit/post_start_script_test.yaml +++ b/tests/unit/post_start_script_test.yaml @@ -31,10 +31,10 @@ tests: of: ConfigMap - isAPIVersion: of: v1 - - isNotEmpty: - path: data.[post-start.sh] + - isNotNullOrEmpty: + path: data["post-start.sh"] - equal: - path: data.[post-start.sh] + path: data["post-start.sh"] value: | #!/bin/bash mkdir -p /home/yelnats/.ssh @@ -84,10 +84,10 @@ tests: of: ConfigMap - isAPIVersion: of: v1 - - isNotEmpty: - path: data.[post-start.sh] + - isNotNullOrEmpty: + path: data["post-start.sh"] - matchRegex: - path: data.[post-start.sh] + path: data["post-start.sh"] # (?m) = multi-line mode: ^ and $ match begin/end line in addition to begin/end text # (?s) = let . match \n # .*? = any character zero or more times, prefer fewer @@ -106,8 +106,8 @@ tests: # st2actionrunner and st2client do not have checksum annotations # (even though they probably should) - - isNull: &assert_checksum - path: spec.template.metadata.annotations.[checksum/post-start-script] + - notExists: &assert_checksum + path: spec.template.metadata.annotations["checksum/post-start-script"] # only st2actionrunner and st2client have default postStart scripts - equal: &assert_lifecycle @@ -119,30 +119,30 @@ tests: - equal: *assert_lifecycle documentIndex: 12 - - isNull: &assert_null_lifecycle + - notExists: &assert_null_lifecycle path: spec.template.spec.containers[0].lifecycle documentIndex: 0 - - isNull: *assert_null_lifecycle + - notExists: *assert_null_lifecycle documentIndex: 1 - - isNull: *assert_null_lifecycle + - notExists: *assert_null_lifecycle documentIndex: 2 - - isNull: *assert_null_lifecycle + - notExists: *assert_null_lifecycle documentIndex: 3 - - isNull: *assert_null_lifecycle + - notExists: *assert_null_lifecycle documentIndex: 4 - - isNull: *assert_null_lifecycle + - notExists: *assert_null_lifecycle documentIndex: 5 - - isNull: *assert_null_lifecycle + - notExists: *assert_null_lifecycle documentIndex: 6 - - isNull: *assert_null_lifecycle + - notExists: *assert_null_lifecycle documentIndex: 7 - - isNull: *assert_null_lifecycle + - notExists: *assert_null_lifecycle documentIndex: 8 - - isNull: *assert_null_lifecycle + - notExists: *assert_null_lifecycle documentIndex: 9 - - isNull: *assert_null_lifecycle + - notExists: *assert_null_lifecycle documentIndex: 11 - - isNull: *assert_null_lifecycle + - notExists: *assert_null_lifecycle documentIndex: 13 - contains: &assert_volume_mount @@ -177,10 +177,10 @@ tests: documentIndex: 11 # st2web and st2chatops have no volumes (and can be null) - - isEmpty: + - isNullOrEmpty: path: spec.template.spec.containers[0].volumeMounts documentIndex: 3 - - isEmpty: + - isNullOrEmpty: path: spec.template.spec.containers[0].volumeMounts documentIndex: 13 @@ -217,10 +217,10 @@ tests: - notContains: *assert_volume documentIndex: 11 - - isEmpty: + - isNullOrEmpty: path: spec.template.spec.volumes documentIndex: 3 - - isEmpty: + - isNullOrEmpty: path: spec.template.spec.volumes documentIndex: 13 @@ -263,7 +263,7 @@ tests: - hasDocuments: count: 14 - - isNotEmpty: *assert_checksum + - isNotNullOrEmpty: *assert_checksum - equal: *assert_lifecycle - contains: *assert_volume_mount - contains: *assert_volume diff --git a/tests/unit/resources_test.yaml b/tests/unit/resources_test.yaml index 698897a7..55bd1116 100644 --- a/tests/unit/resources_test.yaml +++ b/tests/unit/resources_test.yaml @@ -30,13 +30,13 @@ tests: count: 14 # only st2web defines limits for now - - isNotEmpty: + - isNotNullOrEmpty: path: spec.template.spec.containers[0].resources.limits.memory documentIndex: 3 - - isNotEmpty: + - isNotNullOrEmpty: path: spec.template.spec.containers[0].resources.requests.memory - - isNotEmpty: + - isNotNullOrEmpty: path: spec.template.spec.containers[0].resources.requests.cpu - it: Deployments accept custom resources (except st2client) diff --git a/tests/unit/secrets_test.yaml b/tests/unit/secrets_test.yaml index 9827e01c..04c259e9 100644 --- a/tests/unit/secrets_test.yaml +++ b/tests/unit/secrets_test.yaml @@ -30,7 +30,7 @@ tests: asserts: - hasDocuments: count: 1 - - isNotEmpty: + - isNotNullOrEmpty: path: data.ST2_AUTH_PASSWORD documentIndex: 0 - equal: @@ -124,7 +124,7 @@ tests: asserts: - hasDocuments: count: 1 - - isNotEmpty: + - isNotNullOrEmpty: path: data.datastore_crypto_key documentIndex: 0 diff --git a/tests/unit/security_context_test.yaml b/tests/unit/security_context_test.yaml index 0468d362..4cc83f3b 100644 --- a/tests/unit/security_context_test.yaml +++ b/tests/unit/security_context_test.yaml @@ -74,13 +74,13 @@ tests: asserts: # pod - - isNull: + - notExists: path: spec.template.spec.securityContext # container - - isNull: + - notExists: path: "spec.template.spec.containers[0].securityContext" # path can only select one element, not all initContainers (if present). - #- isNull: + #- notExists: # path: 'spec.template.spec.initContainers[].securityContext' - it: Deployment and Job Pods+Containers use same SecurityContext when defined diff --git a/tests/unit/service_account_test.yaml b/tests/unit/service_account_test.yaml index e2edd984..dcc208a0 100644 --- a/tests/unit/service_account_test.yaml +++ b/tests/unit/service_account_test.yaml @@ -52,7 +52,7 @@ tests: asserts: - hasDocuments: count: 14 - - isNull: + - notExists: path: spec.template.spec.serviceAccountName - it: Deployments can attach ServiceAccount with default name (except st2client) @@ -92,7 +92,7 @@ tests: - hasDocuments: count: 14 # st2client does not allow attaching serviceAccount - - isNull: + - notExists: path: spec.template.spec.serviceAccountName documentIndex: 12 @@ -165,7 +165,7 @@ tests: - hasDocuments: count: 14 # st2client does not allow attaching serviceAccount - - isNull: + - notExists: path: spec.template.spec.serviceAccountName documentIndex: 12 diff --git a/tests/unit/services_test.yaml b/tests/unit/services_test.yaml index cff4a058..f62160c3 100644 --- a/tests/unit/services_test.yaml +++ b/tests/unit/services_test.yaml @@ -12,7 +12,7 @@ tests: asserts: - hasDocuments: count: 4 - - isNull: + - notExists: path: spec.externalName - it: st2web, st2auth, st2api, st2stream should work with externalName if type is ExternalName diff --git a/tests/unit/st2sensors_test.yaml b/tests/unit/st2sensors_test.yaml index 6564be18..f976b6f8 100644 --- a/tests/unit/st2sensors_test.yaml +++ b/tests/unit/st2sensors_test.yaml @@ -37,17 +37,17 @@ tests: documentIndex: *first_sensor_doc - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer documentIndex: *first_sensor_doc - equal: - path: spec.template.metadata.labels.[app.kubernetes.io/name] + path: spec.template.metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer documentIndex: *first_sensor_doc - equal: - path: spec.selector.matchLabels.[app.kubernetes.io/name] + path: spec.selector.matchLabels["app.kubernetes.io/name"] value: st2sensorcontainer documentIndex: *first_sensor_doc @@ -129,41 +129,41 @@ tests: documentIndex: *third_sensor_doc - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-foo documentIndex: *first_sensor_doc - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-bar documentIndex: *second_sensor_doc - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-baz documentIndex: *third_sensor_doc - equal: - path: spec.template.metadata.labels.[app.kubernetes.io/name] + path: spec.template.metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-foo documentIndex: *first_sensor_doc - equal: - path: spec.template.metadata.labels.[app.kubernetes.io/name] + path: spec.template.metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-bar documentIndex: *second_sensor_doc - equal: - path: spec.template.metadata.labels.[app.kubernetes.io/name] + path: spec.template.metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-baz documentIndex: *third_sensor_doc - equal: - path: spec.selector.matchLabels.[app.kubernetes.io/name] + path: spec.selector.matchLabels["app.kubernetes.io/name"] value: st2sensorcontainer-foo documentIndex: *first_sensor_doc - equal: - path: spec.selector.matchLabels.[app.kubernetes.io/name] + path: spec.selector.matchLabels["app.kubernetes.io/name"] value: st2sensorcontainer-bar documentIndex: *second_sensor_doc - equal: - path: spec.selector.matchLabels.[app.kubernetes.io/name] + path: spec.selector.matchLabels["app.kubernetes.io/name"] value: st2sensorcontainer-baz documentIndex: *third_sensor_doc @@ -293,41 +293,41 @@ tests: documentIndex: *third_sensor_doc - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-0 documentIndex: *first_sensor_doc - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-1 documentIndex: *second_sensor_doc - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-2 documentIndex: *third_sensor_doc - equal: - path: spec.template.metadata.labels.[app.kubernetes.io/name] + path: spec.template.metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-0 documentIndex: *first_sensor_doc - equal: - path: spec.template.metadata.labels.[app.kubernetes.io/name] + path: spec.template.metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-1 documentIndex: *second_sensor_doc - equal: - path: spec.template.metadata.labels.[app.kubernetes.io/name] + path: spec.template.metadata.labels["app.kubernetes.io/name"] value: st2sensorcontainer-2 documentIndex: *third_sensor_doc - equal: - path: spec.selector.matchLabels.[app.kubernetes.io/name] + path: spec.selector.matchLabels["app.kubernetes.io/name"] value: st2sensorcontainer-0 documentIndex: *first_sensor_doc - equal: - path: spec.selector.matchLabels.[app.kubernetes.io/name] + path: spec.selector.matchLabels["app.kubernetes.io/name"] value: st2sensorcontainer-1 documentIndex: *second_sensor_doc - equal: - path: spec.selector.matchLabels.[app.kubernetes.io/name] + path: spec.selector.matchLabels["app.kubernetes.io/name"] value: st2sensorcontainer-2 documentIndex: *third_sensor_doc