WIP: Adding unittests for secret functions

Signed-off-by: Pete Wall <pete.wall@grafana.com>
grafana · Nov 7, 2024 · f2d9056 · f2d9056
1 parent 267caf9
commit f2d9056
Show file tree

Hide file tree

Showing 20 changed files with 93 additions and 14 deletions.
diff --git a/charts/k8s-monitoring/Chart.lock b/charts/k8s-monitoring/Chart.lock
@@ -39,4 +39,4 @@ dependencies:
   repository: https://grafana.github.io/helm-charts
   version: 0.9.2
 digest: sha256:f5738b270a715d0fd122f5db19a928aceb4470a21314366cd91b8535fbcdbbee
-generated: "2024-11-07T09:04:36.742727-06:00"
+generated: "2024-11-07T09:59:57.476552-06:00"
diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-annotation-autodiscovery-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-annotation-autodiscovery-1.0.0.tgz
diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-application-observability-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-application-observability-1.0.0.tgz
diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-events-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-events-1.0.0.tgz
diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-metrics-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-cluster-metrics-1.0.0.tgz
diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-integrations-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-integrations-1.0.0.tgz
diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-pod-logs-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-pod-logs-1.0.0.tgz
diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-profiling-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-profiling-1.0.0.tgz
diff --git a/charts/k8s-monitoring/charts/k8s-monitoring-feature-prometheus-operator-objects-1.0.0.tgz b/charts/k8s-monitoring/charts/k8s-monitoring-feature-prometheus-operator-objects-1.0.0.tgz
diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-logs.alloy b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-logs.alloy
diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-metrics.alloy b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-metrics.alloy
diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/alloy-receiver.alloy
diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml
diff --git a/charts/k8s-monitoring/templates/destinations/_destination_loki.tpl b/charts/k8s-monitoring/templates/destinations/_destination_loki.tpl
@@ -12,7 +12,7 @@ loki.write {{ include "helper.alloy_name" .name | quote }} {
 {{- else }}
     url = {{ .url | quote }} 
 {{- end }}
-{{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+{{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tenantId")) "true" }}
     tenant_id = {{ include "secrets.read" (dict "object" . "key" "tenantId" "nonsensitive" true) }}
 {{- end }}
 {{- if or .extraHeaders .extraHeadersFrom }}

diff --git a/charts/k8s-monitoring/templates/destinations/_destination_otlp.tpl b/charts/k8s-monitoring/templates/destinations/_destination_otlp.tpl
@@ -71,7 +71,7 @@ otelcol.exporter.otlphttp {{ include "helper.alloy_name" .name | quote }} {
     auth = otelcol.auth.bearer.{{ include "helper.alloy_name" .name }}.handler
 {{- end }}
     headers = {
-{{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+{{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tenantId")) "true" }}
       "X-Scope-OrgID" = {{ include "secrets.read" (dict "object" . "key" "tenantId" "nonsensitive" true) }},
 {{- end }}
 {{- range $key, $value := .extraHeaders }}
@@ -92,13 +92,13 @@ otelcol.exporter.otlphttp {{ include "helper.alloy_name" .name | quote }} {
     tls {
       insecure = {{ .tls.insecure | default false }}
       insecure_skip_verify = {{ .tls.insecureSkipVerify | default false }}
-      {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+      {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.ca")) "true" }}
       ca_pem = {{ include "secrets.read" (dict "object" . "key" "tls.ca" "nonsensitive" true) }}
       {{- end }}
-      {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+      {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.cert")) "true" }}
       cert_pem = {{ include "secrets.read" (dict "object" . "key" "tls.cert" "nonsensitive" true) }}
       {{- end }}
-      {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+      {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.key")) "true" }}
       key_pem = {{ include "secrets.read" (dict "object" . "key" "tls.key") }}
       {{- end }}
     }

diff --git a/charts/k8s-monitoring/templates/destinations/_destination_prometheus.tpl b/charts/k8s-monitoring/templates/destinations/_destination_prometheus.tpl
@@ -14,7 +14,7 @@ prometheus.remote_write {{ include "helper.alloy_name" .name | quote }} {
 {{- end }}
     headers = {
 {{- if ne (include "secrets.authType" .) "sigv4" }}
-  {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+  {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tenantId")) "true" }}
       "X-Scope-OrgID" = {{ include "secrets.read" (dict "object" . "key" "tenantId" "nonsensitive" true) }},
   {{- end }}
 {{- end }}
@@ -57,10 +57,10 @@ prometheus.remote_write {{ include "helper.alloy_name" .name | quote }} {
       {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.ca")) "true" }}
       ca_pem = {{ include "secrets.read" (dict "object" . "key" "tls.ca" "nonsensitive" true) }}
       {{- end }}
-      {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+      {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.cert")) "true" }}
       cert_pem = {{ include "secrets.read" (dict "object" . "key" "tls.cert" "nonsensitive" true) }}
       {{- end }}
-      {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+      {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.key")) "true" }}
       key_pem = {{ include "secrets.read" (dict "object" . "key" "tls.key") }}
       {{- end }}
     }

diff --git a/charts/k8s-monitoring/templates/destinations/_destination_pyroscope.tpl b/charts/k8s-monitoring/templates/destinations/_destination_pyroscope.tpl
@@ -9,7 +9,7 @@ pyroscope.write {{ include "helper.alloy_name" .name | quote }} {
     url = {{ .url | quote }} 
 {{- end }}
     headers = {
-{{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+{{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tenantId")) "true" }}
       "X-Scope-OrgID" = {{ include "secrets.read" (dict "object" . "key" "tenantId" "nonsensitive" true) }},
 {{- end }}
 {{- range $key, $value := .extraHeaders }}
@@ -32,13 +32,13 @@ pyroscope.write {{ include "helper.alloy_name" .name | quote }} {
 {{- if .tls }}
     tls_config {
       insecure_skip_verify = {{ .tls.insecureSkipVerify | default false }}
-      {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+      {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.ca")) "true" }}
       ca_pem = {{ include "secrets.read" (dict "object" . "key" "tls.ca" "nonsensitive" true) }}
       {{- end }}
-      {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+      {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.cert")) "true" }}
       cert_pem = {{ include "secrets.read" (dict "object" . "key" "tls.cert" "nonsensitive" true) }}
       {{- end }}
-      {{- if eq (include "secrets.usesKubernetesSecret" .) "true" }}
+      {{- if eq (include "secrets.usesSecret" (dict "object" . "key" "tls.key")) "true" }}
       key_pem = {{ include "secrets.read" (dict "object" . "key" "tls.key") }}
       {{- end }}
     }

diff --git a/charts/k8s-monitoring/templates/secrets/_helpers.tpl b/charts/k8s-monitoring/templates/secrets/_helpers.tpl
@@ -8,8 +8,9 @@
 {{/* Inputs: . (user of the secret, needs name, secret, auth) */}}
 {{- define "secrets.secretType" }}
 {{- if hasKey . "secret" }}
-  {{- if .secret.embed -}}embedded
+  {{- if eq .secret.embed true -}}embedded
   {{- else if eq .secret.create false -}}external
+  {{- else }}create
   {{- end }}
 {{- else -}}
 create

diff --git a/charts/k8s-monitoring/templates/test/secrets.yaml b/charts/k8s-monitoring/templates/test/secrets.yaml
@@ -0,0 +1,29 @@
+{{- if eq .Values.testing "true" }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-secrets-authType
+data:
+  testEmpty: {{ include "secrets.authType" dict | quote }}
+  testEmptyAuth: {{ include "secrets.authType" (dict "auth" (dict)) | quote }}
+  testEmptyType: {{ include "secrets.authType" (dict "auth" (dict "type" "")) | quote }}
+  testAuthTypeBasic: {{ include "secrets.authType" (dict "auth" (dict "type" "basic")) | quote }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-secrets-secretType
+data:
+  testEmpty: {{ include "secrets.secretType" dict | quote }}
+  testEmptySecret: {{ include "secrets.secretType" (dict "secret" (dict)) | quote }}
+  testEmbeddedTrue: {{ include "secrets.secretType" (dict "secret" (dict "embed" true)) | quote }}
+  testEmbeddedFalse: {{ include "secrets.secretType" (dict "secret" (dict "embed" false)) | quote }}
+  testCreateTrue: {{ include "secrets.secretType" (dict "secret" (dict "create" true)) | quote }}
+  testCreateFalse: {{ include "secrets.secretType" (dict "secret" (dict "create" false)) | quote }}
+  testBothTrue: {{ include "secrets.secretType" (dict "secret" (dict "create" true "embed" true)) | quote }}
+  testBothFalse: {{ include "secrets.secretType" (dict "secret" (dict "create" false "embed" false)) | quote }}
+  testCreateTrueEmbedFalse: {{ include "secrets.secretType" (dict "secret" (dict "create" true "embed" false)) | quote }}
+  testCreateFalseEmbedTrue: {{ include "secrets.secretType" (dict "secret" (dict "create" false "embed" true)) | quote }}
+{{- end }}
diff --git a/charts/k8s-monitoring/tests/unittest_secrets_test.yaml b/charts/k8s-monitoring/tests/unittest_secrets_test.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:document-start rule:line-length rule:trailing-spaces
+suite: Secret functions unit tests
+templates:
+  - test/secrets.yaml
+tests:
+  - it: secrets.authType works appropriately
+    set:
+      testing: "true"
+    asserts:
+      - {equal: {path: "data.testEmpty",          value: "none"   }, documentIndex: 0 }
+      - {equal: {path: "data.testEmptyAuth",      value: "none"   }, documentIndex: 0 }
+      - {equal: {path: "data.testEmptyType",      value: "none"   }, documentIndex: 0 }
+      - {equal: {path: "data.testAuthTypeBasic",  value: "basic"  }, documentIndex: 0 }
+
+  - it: secrets.secretType works appropriately
+    set:
+      testing: "true"
+    asserts:
+      - {equal: {path: "data.testEmpty",                value: "create"   }, documentIndex: 1 }
+      - {equal: {path: "data.testEmptySecret",          value: "create"   }, documentIndex: 1 }
+      - {equal: {path: "data.testEmbeddedTrue",         value: "embedded" }, documentIndex: 1 }
+      - {equal: {path: "data.testEmbeddedFalse",        value: "create"   }, documentIndex: 1 }
+      - {equal: {path: "data.testCreateTrue",           value: "create"   }, documentIndex: 1 }
+      - {equal: {path: "data.testCreateFalse",          value: "external" }, documentIndex: 1 }
+      - {equal: {path: "data.testBothTrue",             value: "embedded" }, documentIndex: 1 }
+      - {equal: {path: "data.testBothFalse",            value: "external" }, documentIndex: 1 }
+      - {equal: {path: "data.testCreateTrueEmbedFalse", value: "create"   }, documentIndex: 1 }
+      - {equal: {path: "data.testCreateFalseEmbedTrue", value: "embedded" }, documentIndex: 1 }
+