From 81bb687f6152da6470b0cfb07a8619960411a461 Mon Sep 17 00:00:00 2001
From: vijayg10 <33152110+vijayg10@users.noreply.github.com>
Date: Thu, 3 Feb 2022 03:00:51 -0800
Subject: [PATCH] Added helm test for bof chart (#48)
---
 mojaloop/bof/Chart.yaml | 4 +-
 mojaloop/bof/templates/tests/rbac-tests.yaml | 44 ++++++++++++++
 mojaloop/bof/values.yaml | 63 ++++++++++++++++++++
 3 files changed, 109 insertions(+), 2 deletions(-)
 create mode 100644 mojaloop/bof/templates/tests/rbac-tests.yaml
diff --git a/mojaloop/bof/Chart.yaml b/mojaloop/bof/Chart.yaml
index ded749b1..8e0e39df 100644
--- a/mojaloop/bof/Chart.yaml
+++ b/mojaloop/bof/Chart.yaml
@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.0.1
+version: 2.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "2.0.1"
+appVersion: "2.1.0"
 dependencies:
 - name: common
 repository: "file://../common"
diff --git a/mojaloop/bof/templates/tests/rbac-tests.yaml b/mojaloop/bof/templates/tests/rbac-tests.yaml
new file mode 100644
index 00000000..59b53ad4
--- /dev/null
+++ b/mojaloop/bof/templates/tests/rbac-tests.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.rbacTests.enabled }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ include "bof.fullname" . }}-rbac-tests
+ labels:
+ {{- include "bof.labels" . | nindent 4 }}
+ annotations:
+ helm.sh/hook: test
+ helm.sh/hook-weight: {{ .Values.rbacTests.weight | quote }}
+ helm.sh/hook-delete-policy: {{ .Values.rbacTests.deletePolicy }}
+spec:
+ restartPolicy: Never
+ {{- if .Values.rbacTests.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.rbacTests.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.rbacTests.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.rbacTests.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.rbacTests.image.repository }}:{{ .Values.rbacTests.image.tag }}"
+ imagePullPolicy: {{ .Values.rbacTests.image.pullPolicy }}
+ {{- if .Values.rbacTests.image.imagePullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.rbacTests.image.imagePullSecrets | indent 10 }}
+ {{- end }}
+ {{- if .Values.rbacTests.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.rbacTests.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.rbacTests.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.rbacTests.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.rbacTests.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.rbacTests.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ {{- range $k, $v := .Values.rbacTests.env }}
+ - name: {{ $k }}
+ value: {{ quote $v }}
+ {{- end }}
+{{- end}}
+
diff --git a/mojaloop/bof/values.yaml b/mojaloop/bof/values.yaml
index 3ff258a5..de2b057f 100644
--- a/mojaloop/bof/values.yaml
+++ b/mojaloop/bof/values.yaml
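Review bot: The pull-secret block is guarded on and reads `.Values.rbacTests.image.imagePullSecrets`, while the values.yaml hunk of this patch documents and defaults the list as `pullSecrets`, so a secret set through the documented key would never be rendered. The block is also emitted between the container's `imagePullPolicy` and its `securityContext` with `indent 10`, which suggests it lands inside the container entry, whereas `imagePullSecrets` is a pod-level field (`spec.imagePullSecrets`); indentation is collapsed on this page, so confirm the nesting against the file. I would guard with `{{- with .Values.rbacTests.image.pullSecrets }}` and emit the list directly under `spec:`. In the same container, `image:` is built from `repository` and `tag` only, so the `registry` value defined in values.yaml is ignored.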
@@ -51,6 +51,69 @@ global:
 mojaloopPermissionExclusion: {}
 apiSvc: {}
+## RBAC Tests
+rbacTests:
+ enabled: true
+ weight: -5
+ deletePolicy: before-hook-creation
+ image:
+ registry: docker.io
+ repository: mojaloop/security-rbac-tests
+ tag: v1.0.0
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Enable debug mode
+ ##
+ debug: false
+ command:
+ - npm
+ - run
+ - test
+ args:
+ # - somearg
+ env:
+ ROLE_ASSIGNMENT_SVC_BASE_PATH: 'http://role-assignment-service'
+ ML_INGRESS_BASE_PATH: 'http://bofportal.yourdomain.com'
+ TEST_USER_NAME: 'test1'
+ TEST_USER_PASSWORD: ''
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param podSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% pods' Security Context
+ ## @param podSecurityContext.fsGroup Set %%MAIN_CONTAINER_NAME%% pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param containerSecurityContext.enabled Enabled %%MAIN_CONTAINER_NAME%% containers' Security Context
+ ## @param containerSecurityContext.runAsUser Set %%MAIN_CONTAINER_NAME%% containers' Security Context runAsUser
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ ## @param initContainers Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+
 ## Backend API services
 role-assignment-service:
 enabled: true
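Review bot: `TEST_USER_PASSWORD` is a credential carried as an ordinary entry of `env`, and the `range` over `.Values.rbacTests.env` in the rbac-tests.yaml hunk renders every entry as a literal `value:`. Any password an operator supplies therefore sits in plain text in the test pod's spec and in the Helm release record, readable by anyone who can get pods or release data in the namespace. I would source it from a Kubernetes Secret instead, for example a value naming an existing Secret (key name to be chosen by the chart authors) that the template maps to `valueFrom.secretKeyRef`, and keep only non-sensitive settings under `env`. A comment above the key such as `## Do not set a real password here; reference a Secret` would document the intent until the template supports it.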