Added helm test for bof chart (#48)

mojaloop · Feb 3, 2022 · 81bb687 · 81bb687
1 parent 1483a23
commit 81bb687
Show file tree

Hide file tree

Showing 3 changed files with 109 additions and 2 deletions.
diff --git a/mojaloop/bof/Chart.yaml b/mojaloop/bof/Chart.yaml
@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.0.1
+version: 2.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "2.0.1"
+appVersion: "2.1.0"
 dependencies:
   - name: common
     repository: "file://../common"

diff --git a/mojaloop/bof/templates/tests/rbac-tests.yaml b/mojaloop/bof/templates/tests/rbac-tests.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.rbacTests.enabled }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ include "bof.fullname" . }}-rbac-tests
+  labels:
+      {{- include "bof.labels" . | nindent 4 }}
+  annotations:
+    helm.sh/hook: test
+    helm.sh/hook-weight: {{ .Values.rbacTests.weight | quote }}
+    helm.sh/hook-delete-policy: {{ .Values.rbacTests.deletePolicy }}
+spec:
+  restartPolicy: Never
+  {{- if .Values.rbacTests.podSecurityContext.enabled }}
+  securityContext: {{- omit .Values.rbacTests.podSecurityContext "enabled" | toYaml | nindent 8 }}
+  {{- end }}
+  initContainers:
+    {{- if .Values.rbacTests.initContainers }}
+      {{- include "common.tplvalues.render" (dict "value" .Values.rbacTests.initContainers "context" $) | nindent 8 }}
+    {{- end }}
+  containers:
+  - name: {{ .Chart.Name }}
+    image: "{{ .Values.rbacTests.image.repository }}:{{ .Values.rbacTests.image.tag }}"
+    imagePullPolicy: {{ .Values.rbacTests.image.pullPolicy }}
+    {{- if .Values.rbacTests.image.imagePullSecrets }}
+    imagePullSecrets:
+    {{ toYaml .Values.rbacTests.image.imagePullSecrets | indent 10 }}
+    {{- end }}
+    {{- if .Values.rbacTests.containerSecurityContext.enabled }}
+    securityContext: {{- omit .Values.rbacTests.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+    {{- end }}
+    {{- if .Values.rbacTests.command }}
+    command: {{- include "common.tplvalues.render" (dict "value" .Values.rbacTests.command "context" $) | nindent 12 }}
+    {{- end }}
+    {{- if .Values.rbacTests.args }}
+    args: {{- include "common.tplvalues.render" (dict "value" .Values.rbacTests.args "context" $) | nindent 12 }}
+    {{- end }}
+    env:
+    {{- range $k, $v := .Values.rbacTests.env }}
+    - name: {{ $k }}
+      value: {{ quote $v }}
+    {{- end }}
+{{- end}}
+
diff --git a/mojaloop/bof/values.yaml b/mojaloop/bof/values.yaml
@@ -51,6 +51,69 @@ global:
     mojaloopPermissionExclusion: {}
     apiSvc: {}
 
+## RBAC Tests
+rbacTests:
+  enabled: true
+  weight: -5
+  deletePolicy: before-hook-creation
+  image:
+    registry: docker.io
+    repository: mojaloop/security-rbac-tests
+    tag: v1.0.0
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ## e.g:
+    ## pullSecrets:
+    ##   - myRegistryKeySecretName
+    ##
+    pullSecrets: []
+    ## Enable debug mode
+    ##
+    debug: false
+  command:
+    - npm
+    - run
+    - test
+  args:
+    # - somearg
+  env:
+    ROLE_ASSIGNMENT_SVC_BASE_PATH: 'http://role-assignment-service'
+    ML_INGRESS_BASE_PATH: 'http://bofportal.yourdomain.com'
+    TEST_USER_NAME: 'test1'
+    TEST_USER_PASSWORD: ''
+  ## Configure Pods Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param podSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% pods' Security Context
+  ## @param podSecurityContext.fsGroup Set %%MAIN_CONTAINER_NAME%% pod's Security Context fsGroup
+  ##
+  podSecurityContext:
+    enabled: true
+    fsGroup: 1001
+  ## Configure Container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context
+  ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser
+  ##
+  containerSecurityContext:
+    enabled: true
+    runAsUser: 1001
+  ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+  ## e.g:
+  ## initContainers:
+  ##  - name: your-image-name
+  ##    image: your-image
+  ##    imagePullPolicy: Always
+  ##    command: ['sh', '-c', 'echo "hello world"']
+  ##
+  initContainers: []
+
 ## Backend API services
 role-assignment-service:
   enabled: true