Merge branch '224-add-custom-authorizationpolices' into 'main'

added the ability to add custom authorizationPolicies Closes #224 See merge request !323

Merge branch '224-add-custom-authorizationpolices' into 'main'
45e08036 · Kevin Scheunemann · 332c4a83 · 3183bdc0 · 45e08036 · 45e08036
Commit 45e08036 authored 3 months ago by Kevin Scheunemann
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,11 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

 ---
+## [1.24.0-bb.1] - 2024-12-16
+### Changed
+- added the ability to add custom authorizationPolicies
+- added helm unittest tests
+
 ## [1.24.0-bb.0] - 2024-12-13
 ### Changed
 - ironbank/elastic/elasticsearch/elasticsearch updated from 8.16.1 to 8.17.0

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -16,7 +16,7 @@ To contribute a change:

 1. Create a branch on the cloned repository
 2. Make the changes in code.
-3. Write tests using [cypress](https://www.cypress.io) and [Conftest](https://conftest.dev)
+3. Write tests using [cypress](https://www.cypress.io), [Conftest](https://conftest.dev) and [Helm Unittest](https://github.com/helm-unittest/helm-unittest)
 4. Make commits using the [Conventional Commits](https://www.conventionalcommits.org/) format. This helps with automation for changelog. Update `CHANGELOG.md` in the same commit using the [Keep a Changelog](https://keepachangelog.com). Depending on tooling maturity, this step may be automated.
 5. Open a merge request using one of the provided templates. If this merge request is solving a preexisting issue, add the issue reference into the description of the MR.
 6. During this time, ensure that all new commits are rebased into your branch so that it remains up to date with the `main` branch.

--- a/README.md
+++ b/README.md
 <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
 # elasticsearch-kibana

-![Version: 1.24.0-bb.0](https://img.shields.io/badge/Version-1.24.0--bb.0-informational?style=flat-square) ![AppVersion: 8.17.0](https://img.shields.io/badge/AppVersion-8.17.0-informational?style=flat-square) ![Maintenance Track: bb_integrated](https://img.shields.io/badge/Maintenance_Track-bb_integrated-green?style=flat-square)
+![Version: 1.24.0-bb.1](https://img.shields.io/badge/Version-1.24.0--bb.1-informational?style=flat-square) ![AppVersion: 8.17.0](https://img.shields.io/badge/AppVersion-8.17.0-informational?style=flat-square) ![Maintenance Track: bb_integrated](https://img.shields.io/badge/Maintenance_Track-bb_integrated-green?style=flat-square)

 Configurable Deployment of Elasticsearch and Kibana Custom Resources Wrapped Inside a Helm Chart.


--- a/chart/.helmignore
+++ b/chart/.helmignore
+tests
\ No newline at end of file
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
 apiVersion: v2
 name: elasticsearch-kibana
 description: Configurable Deployment of Elasticsearch and Kibana Custom Resources Wrapped Inside a Helm Chart.
-version: 1.24.0-bb.0
+version: 1.24.0-bb.1
 appVersion: 8.17.0
 dependencies:
  - name: gluon

--- a/chart/templates/bigbang/istio/authorizationPolicies/template.yaml
+++ b/chart/templates/bigbang/istio/authorizationPolicies/template.yaml
+{{- /* Render Istio Auth policies */ -}}
+{{- if and .Values.istio.enabled .Values.istio.hardened.enabled -}}
+{{- range $.Values.istio.hardened.customAuthorizationPolicies -}}
+{{- if .enabled -}}
+apiVersion: security.istio.io/v1
+kind: AuthorizationPolicy
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  {{- toYaml .spec | nindent 2 }}
+---
+{{ end -}}
+{{ end -}}
+{{- end -}}
--- a/chart/templates/elasticsearch.yaml
+++ b/chart/templates/elasticsearch.yaml
@@ -59,7 +59,9 @@ spec:
          traffic.sidecar.istio.io/includeInboundPorts: "*"
          traffic.sidecar.istio.io/excludeInboundPorts: "9300"
          traffic.sidecar.istio.io/excludeOutboundPorts: "9300"
+          {{- if $.Values.sso.enabled }}
          sso-secret/checksum: {{ include (print $.Template.BasePath "/bigbang/sso-secret.yaml") $ | sha256sum }}
+          {{- end }}
          values/checksum: {{ include "oidc" $ | sha256sum }}
        {{- if .podAnnotations }}
          {{- toYaml .podAnnotations | nindent 10 }}
@@ -167,7 +169,9 @@ spec:
          # To prevent double encrypted traffic we exclude 9300 from  sidecar traffic and mTLS
          traffic.sidecar.istio.io/excludeInboundPorts: "9300"
          traffic.sidecar.istio.io/excludeOutboundPorts: "9300"
+          {{- if $.Values.sso.enabled }}
          sso-secret/checksum: {{ include (print $.Template.BasePath "/bigbang/sso-secret.yaml") $ | sha256sum }}
+          {{- end }}
          values/checksum: {{ include "oidc" $ | sha256sum }}
        {{- if .podAnnotations }}
          {{- toYaml .podAnnotations | nindent 10 }}

--- a/chart/tests/authorizationPolicies_template_test.yaml
+++ b/chart/tests/authorizationPolicies_template_test.yaml
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: test bigbang/istio/authorizationPolicies/template.yaml
+templates:
+  - bigbang/istio/authorizationPolicies/template.yaml
+tests:
+  - it: should not exist with default values
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: should exist when necessary values are set
+    set:
+      istio:
+        enabled: true
+        hardened:
+          enabled: true
+          customAuthorizationPolicies:
+            - name: fooBarPolicy
+              enabled: true
+              spec: 
+                foo: bar
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: AuthorizationPolicy
+      - equal:
+          path: metadata.name
+          value: fooBarPolicy
+      - equal:
+          path: spec.foo
+          value: bar
+
--- a/chart/tests/elasticsearch_test.yaml
+++ b/chart/tests/elasticsearch_test.yaml
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: test elasticsearch.yaml
+templates:
+  - elasticsearch.yaml
+release:
+  name: eck
+tests:
+  - it: should work with default values
+    asserts:
+      - isKind:
+          of: Elasticsearch
+      - equal:
+          path: metadata.name
+          value: eck
--- a/chart/tests/kibana_test.yaml
+++ b/chart/tests/kibana_test.yaml
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: test kibana.yaml
+templates:
+  - kibana.yaml
+release:
+  name: eck
+tests:
+  - it: should work with default values
+    asserts:
+      - isKind:
+          of: Kibana
+      - equal:
+          path: metadata.name
+          value: eck
\ No newline at end of file
--- a/docs/DEVELOPMENT_MAINTENANCE.md
+++ b/docs/DEVELOPMENT_MAINTENANCE.md
@@ -74,6 +74,10 @@ Chart.yaml](https://github.com/prometheus-community/helm-charts/blob/main/charts

 # Testing a new Elasticsearch-Kibana version

+- Run Helm Unittests
+  - Make sure that you have helm unitests installed
+  - run `helm unittest chart` will run all tests under chart/tests/*_test.yaml
+
 > NOTE: For these testing steps it is good to do them on both a clean install and an upgrade. For clean install, point Elasticsearch-Kibana to your branch. For an upgrade do an install with Elasticsearch-Kibana pointing to the latest tag, then perform a helm upgrade with Elasticsearch-Kibana pointing to your branch.

 You will want to install with: