Add Helm Test

f5c6b40d · Tunde Oladipupo · 0329e180 · f5c6b40d · f5c6b40d · f5c6b40d
Commit f5c6b40d authored May 17, 2021 by Tunde Oladipupo
8 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [3.3.0-bb.1] - 2021-05-17
+Added helm test
 ## [3.3.0-bb.0] - 2021-04-09
 Added changelog

--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -3,8 +3,13 @@ description: A Helm chart for Gatekeeper
 name: gatekeeper
 keywords:
  - open policy agent
-version: 3.3.0-bb.0
+version: 3.3.0-bb.1
 home: https://github.com/open-policy-agent/gatekeeper
 sources:
  - https://github.com/open-policy-agent/gatekeeper.git
 appVersion: v3.3.0
+dependencies:
+  - name: bb-test-lib
+    version: "0.5.0"
+    repository: "oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates"
\ No newline at end of file
--- a/chart/charts/bb-test-lib-0.5.0.tgz
+++ b/chart/charts/bb-test-lib-0.5.0.tgz
--- a/chart/requirements.lock
+++ b/chart/requirements.lock
+dependencies:
+- name: bb-test-lib
+  repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates
+  version: 0.5.0
+digest: sha256:ec47e1f5de8d2060a2e7b93a756bb34c21b62069f04237c915adf8619ac03698
+generated: "2021-05-16T12:15:40.14552-05:00"
--- a/chart/templates/tests/constraints.yaml
+++ b/chart/templates/tests/constraints.yaml
+{{- include "bb-test-lib.script-configmap.overrides" (list . "gatekeeper-test.script-configmap") }}
+{{- define "gatekeeper-test.script-configmap" }}
+metadata:
+  namespace: gatekeeper-system
+  labels:
+    helm.sh/chart: '{{ template "gatekeeper.name" . }}'
+    app: '{{ template "gatekeeper.name" . }}'
+    release: '{{ .Release.Name }}'
+{{- end }}
+---
+{{- include "bb-test-lib.script-runner.overrides" (list . "gatekeeper-test.script-runner") -}}
+{{- define "gatekeeper-test.script-runner" -}}
+metadata:
+  namespace: gatekeeper-system
+  labels:
+    helm.sh/chart: '{{ template "gatekeeper.name" . }}'
+    app: '{{ template "gatekeeper.name" . }}'
+    release: '{{ .Release.Name }}'
+spec:
+  serviceAccountName: gatekeeper-admin
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ .Chart.Name }}-constraint-config"
+  labels:
+    helm-test: enabled
+  namespace: gatekeeper-system
+data:
+  config.yaml: |-
+    {{- include "test-manifest" . | nindent 4 }}
\ No newline at end of file
--- a/chart/templates/tests/labels.yaml
+++ b/chart/templates/tests/labels.yaml
+{{- define "test-manifest" }}
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: K8sRequiredLabelValues
+metadata:
+  name: pods-need-k8s-app-labels-test
+  namespace: gatekeeper-system
+  annotations:
+    helm.sh/hook: test-success
+  labels:
+    helm.sh/chart: '{{ template "gatekeeper.name" . }}'
+    app: '{{ template "gatekeeper.name" . }}'
+    release: '{{ .Release.Name }}'
+spec:
+  enforcementAction: dryrun
+  match:
+    kinds:
+      - apiGroups: [""]
+        kinds: ["Pod"]
+  parameters:
+    labels:
+    - key: "app.kubernetes.io/name"
+      allowedRegex: ""
+{{- end }}
\ No newline at end of file
--- a/chart/tests/scripts/constraints.sh
+++ b/chart/tests/scripts/constraints.sh
+#!/bin/bash
+set -ex
+echo "Wait for gatekeeper to be ready"
+kubectl wait --for=condition=ready --timeout=120s pod -l app=gatekeeper  -n gatekeeper-system
+sleep 20
+echo "Create Constraint K8sRequiredLabelValues"
+kubectl apply -f /yaml/config.yaml
+sleep 10
+kubectl describe  K8sRequiredLabelValues pods-need-k8s-app-labels-test -n gatekeeper-system
+echo "Check if test pod violation was recorded by gatekeeper"
+sleep 30
+kubectl get K8sRequiredLabelValues pods-need-k8s-app-labels-test -o jsonpath='{.status.violations[?(@.name == "gatekeeper-script-test")].namespace}' | grep gatekeeper-system || export VIOLATION="false"
+echo "Delete Constraint K8sRequiredLabelValues"
+kubectl delete -f /yaml/config.yaml
+if [[ ${VIOLATION} == "false" ]]; then
+  echo "Gatekeeper could not detect violation."
+  exit 1
+fi
+echo "Test was successful"
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
 createNamespace: false
 image:
  pullSecrets:
-  - name: private-registry-mil
+  - name: private-registry
+bbtests:
+  scripts:
+    image: registry1.dso.mil/ironbank/opensource/kubernetes-1.20/kubectl-1.20:v1.20.6
+    additionalVolumeMounts:
+      - name: "{{ .Chart.Name }}-constraint-config"
+        mountPath: /yaml
+    additionalVolumes:
+      - name: "{{ .Chart.Name }}-constraint-config"
+        configMap:
+          name: "{{ .Chart.Name }}-constraint-config"