From 97fe7235428809335768e1de11b084f404e2b498 Mon Sep 17 00:00:00 2001 
From: Uma Veera Date: Thu, 21 Sep 2023 15:05:53 +0530 Subject: [PATCH] US-559800: Simplify Secrets creation in Pega helm charts (#632) * US-559800: Simplify Secrets creation in Pega helm charts Co-authored-by: rajuu Co-authored-by: MadhuriArugula --- .../charts/hazelcast/templates/_helpers.tpl | 29 +-- .../hazelcast/templates/_supplemental.tpl | 78 +++--- .../charts/installer/templates/_helpers.tpl | 4 +- .../templates/_pega-installer-job.tpl | 17 +- .../installer/templates/_supplemental.tpl | 78 +++--- .../pegasearch/templates/_supplemental.tpl | 78 +++--- charts/pega/templates/_helpers.tpl | 25 ++ .../templates/_pega-credentials-secret.tpl | 81 ------ charts/pega/templates/_secrets_helpers.tpl | 84 ++++++ charts/pega/templates/_supplemental.tpl | 78 +++--- .../templates/pega-credentials-secret.yaml | 1 - .../pega-custom-artifactory-secret.yaml | 25 ++ charts/pega/templates/pega-db-secret.yaml | 21 ++ charts/pega/templates/pega-dds-secret.yaml | 31 +++ .../templates/pega-diagnostic-secret.yaml | 20 ++ charts/pega/templates/pega-hz-secret.yaml | 21 ++ charts/pega/templates/pega-stream-secret.yaml | 24 ++ .../clustering-service-deployment_test.go | 2 +- .../data/values_with_externalsecrets.yaml | 5 + .../data/values_with_tier_diagnostic.yaml | 6 + ...dentials-secret-with-cassandra-enc_test.go | 62 ----- ...ntials-secret-with-external-stream_test.go | 64 ----- .../pega-credentials-secret-with-hzcs_test.go | 82 ------ .../test/pega/pega-credentials-secret_test.go | 239 ------------------ ...tom-artifactory-secret-with-apikey_test.go | 56 ++++ ...artifactory-secret-with-basic-auth_test.go | 56 ++++ .../src/test/pega/pega-custom-upgrade_test.go | 11 +- .../src/test/pega/pega-db-secret_test.go | 70 +++++ .../src/test/pega/pega-dds-secret_test.go | 58 +++++ .../test/pega/pega-diagnostic-secret_test.go | 56 ++++ .../test/pega/pega-environment-config_test.go | 75 +++--- .../src/test/pega/pega-hz-deployment_test.go | 2 +- ...ployment_test_with_externalsecrets_test.go | 4 +- 
.../src/test/pega/pega-hz-secret_test.go | 81 ++++++ .../pega-installer-config-connprops_test.go | 8 +- .../src/test/pega/pega-installer-job_test.go | 6 +- .../src/test/pega/pega-stream-secret_test.go | 60 +++++ ...t-with-external-secret-credentials_test.go | 9 +- .../test/pega/pega-tier-deployment_test.go | 4 +- ...pega-tier-service-with-servicetype_test.go | 12 +- 40 files changed, 953 insertions(+), 770 deletions(-) delete mode 100644 charts/pega/templates/_pega-credentials-secret.tpl create mode 100644 charts/pega/templates/_secrets_helpers.tpl delete mode 100644 charts/pega/templates/pega-credentials-secret.yaml create mode 100644 charts/pega/templates/pega-custom-artifactory-secret.yaml create mode 100644 charts/pega/templates/pega-db-secret.yaml create mode 100644 charts/pega/templates/pega-dds-secret.yaml create mode 100644 charts/pega/templates/pega-diagnostic-secret.yaml create mode 100644 charts/pega/templates/pega-hz-secret.yaml create mode 100644 charts/pega/templates/pega-stream-secret.yaml create mode 100644 terratest/src/test/pega/data/values_with_tier_diagnostic.yaml delete mode 100644 terratest/src/test/pega/pega-credentials-secret-with-cassandra-enc_test.go delete mode 100644 terratest/src/test/pega/pega-credentials-secret-with-external-stream_test.go delete mode 100755 terratest/src/test/pega/pega-credentials-secret-with-hzcs_test.go delete mode 100644 terratest/src/test/pega/pega-credentials-secret_test.go create mode 100644 terratest/src/test/pega/pega-custom-artifactory-secret-with-apikey_test.go create mode 100644 terratest/src/test/pega/pega-custom-artifactory-secret-with-basic-auth_test.go create mode 100644 terratest/src/test/pega/pega-db-secret_test.go create mode 100644 terratest/src/test/pega/pega-dds-secret_test.go create mode 100644 terratest/src/test/pega/pega-diagnostic-secret_test.go create mode 100644 terratest/src/test/pega/pega-hz-secret_test.go create mode 100644 terratest/src/test/pega/pega-stream-secret_test.go 
diff --git a/charts/pega/charts/hazelcast/templates/_helpers.tpl b/charts/pega/charts/hazelcast/templates/_helpers.tpl index ff1ee4438..bdc727080 100644 --- a/charts/pega/charts/hazelcast/templates/_helpers.tpl +++ b/charts/pega/charts/hazelcast/templates/_helpers.tpl @@ -36,22 +36,21 @@ projected: defaultMode: 420 sources: - - secret: - name: {{ template "pegaCredentialsSecret" $ }} - {{ if ((.Values.global.jdbc).external_secret_name) }} - - secret: - name: {{ .Values.global.jdbc.external_secret_name }} - {{- end }} - {{ if (.Values.external_secret_name)}} - - secret: - name: {{ .Values.external_secret_name }} - {{- end }} - {{ if ((.Values.global.customArtifactory.authentication).external_secret_name) }} - - secret: - name: {{ .Values.global.customArtifactory.authentication.external_secret_name }} - {{- end }} + {{- $d := dict "deploySecret" "deployHzServerSecret" "deployNonExtsecret" "deployNonExtHzServerSecret" "extSecretName" .Values.external_secret_name "nonExtSecretName" "pega-hz-secret-name" "context" $ -}} + {{ include "secretResolver" $d | indent 4}} {{- end}} +{{- define "deployHzServerSecret" -}} +true +{{- end }} + +{{- define "deployNonExtHzServerSecret" }} +{{- if and (eq (include "deployHzServerSecret" .) "true") (not (.Values).external_secret_name) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} # Override this template to generate additional pod annotations that are dynamically composed during helm deployment (do not indent annotations) {{- define "generatedHazelcastServicePodAnnotations" }} @@ -84,4 +83,4 @@ {{- else -}} false {{- end -}} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/pega/charts/hazelcast/templates/_supplemental.tpl b/charts/pega/charts/hazelcast/templates/_supplemental.tpl index e8eb70789..20e01f3ef 100644 --- a/charts/pega/charts/hazelcast/templates/_supplemental.tpl +++ b/charts/pega/charts/hazelcast/templates/_supplemental.tpl 
@@ -1,14 +1,17 @@ {{- /* deploymentName -pegaCredentialsSecret pegaRegistrySecret imagePullSecrets -pegaCredentialVolumeTemplate pegaVolumeCredentials customArtifactorySSLVerificationEnabled performDeployment performInstallAndDeployment -performUpgradeAndDeployment are copied from pega/templates/_helpers.tpl because helm lint requires +performUpgradeAndDeployment +pega-db-secret-name +pega-hz-secret-name +deployDBSecret +deployNonExtDBSecret +secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details. */}} @@ -17,11 +20,6 @@ charts to render standalone. See: https://github.com/helm/helm/issues/11260 for {{- define "pegaVolumeCredentials" }}pega-volume-credentials{{- end }} -{{- define "pegaCredentialsSecret" }} -{{- $depName := printf "%s" (include "deploymentName" $) -}} -{{- $depName -}}-credentials-secret -{{- end }} - {{- define "initContainerResources" }} resources: # Resources requests/limits for initContainers 
@@ -33,35 +31,6 @@ charts to render standalone. See: https://github.com/helm/helm/issues/11260 for memory: 64Mi {{- end }} -{{- define "pegaCredentialVolumeTemplate" }} -- name: {{ template "pegaVolumeCredentials" }} - projected: - defaultMode: 420 - sources: - - secret: - name: {{ template "pegaCredentialsSecret" $ }} - {{ if ((.Values.global.jdbc).external_secret_name) }} - - secret: - name: {{ .Values.global.jdbc.external_secret_name }} - {{- end }} - {{ if ((.Values.hazelcast).external_secret_name)}} - - secret: - name: {{ .Values.hazelcast.external_secret_name }} - {{- end }} - {{ if ((.Values.global.customArtifactory.authentication).external_secret_name) }} - - secret: - name: {{ .Values.global.customArtifactory.authentication.external_secret_name }} - {{- end }} - {{ if ((.Values.dds).external_secret_name)}} - - secret: - name: {{ .Values.dds.external_secret_name }} - {{- end }} - {{ if ((.Values.stream).external_secret_name)}} - - secret: - name: {{ .Values.stream.external_secret_name }} - {{- end }} -{{- end}} - {{- define "customArtifactorySSLVerificationEnabled" }} {{- if (.Values.global.customArtifactory) }} {{- if (.Values.global.customArtifactory.enableSSLVerification) }} 
@@ -113,4 +82,37 @@ false {{- else -}} false {{- end -}} -{{- end }} \ No newline at end of file +{{- end }} + +{{- define "pega-db-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-db-secret +{{- end -}} + +{{- define "pega-hz-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-hz-secret +{{- end -}} + +{{- define "deployDBSecret" -}} +true +{{- end }} + +{{- define "deployNonExtDBSecret" }} +{{- if and (eq (include "deployDBSecret" .) "true") (not (.Values.global.jdbc).external_secret_name) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{- define "secretResolver" }} +{{- if (eq (include .deploySecret .context) "true") }} +- secret: +{{- if (eq (include .deployNonExtsecret .context) "true") }} + name: {{ include .nonExtSecretName .context}} +{{- else }} + name: {{ .extSecretName }} +{{- end -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/pega/charts/installer/templates/_helpers.tpl b/charts/pega/charts/installer/templates/_helpers.tpl index 46940d56e..3150effb8 100644 --- a/charts/pega/charts/installer/templates/_helpers.tpl +++ b/charts/pega/charts/installer/templates/_helpers.tpl @@ -249,4 +249,6 @@ currentFunctionPath=SYSIBM,SYSFUN,{{ include "resolvedDataSchema" . | upper }} {{- $webTierServiceName = printf "%s-web" $depName }} {{- end }} {{- $protocol }}://{{- $webTierServiceName -}}:{{- $port -}}/{{- $webAppContextPath -}}/PRRestService -{{- end }} \ No newline at end of file +{{- end }} + +{{- define "pegaInstallerCredentialsVolume" }}pega-installer-credentials-volume{{- end }} \ No newline at end of file diff --git a/charts/pega/charts/installer/templates/_pega-installer-job.tpl b/charts/pega/charts/installer/templates/_pega-installer-job.tpl index a68fb23f3..d2f5f5a6c 100644 --- a/charts/pega/charts/installer/templates/_pega-installer-job.tpl +++ b/charts/pega/charts/installer/templates/_pega-installer-job.tpl 
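Review bot: `secretResolver` takes a five-key dict but has no comment describing that contract, and its `else` branch writes `name: {{ .extSecretName }}` without checking the value. The callers visible in this patch only reach that branch when an external secret name is set, but nothing in the helper enforces it, so an empty value would render a bare `name:` and fail only when the manifest is applied. I would add a header comment such as `{{- /* secretResolver: dict keys deploySecret, deployNonExtsecret, nonExtSecretName (template names), extSecretName (string), context (chart root) */ -}}` and change the branch to `name: {{ required "extSecretName must be set when the chart does not create the secret" .extSecretName }}`. The same definition is copied into the installer, pegasearch and pega `_supplemental.tpl` hunks, so the change applies to each copy.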
@@ -50,8 +50,19 @@ spec: {{- end }} {{- if .root.Values.custom }}{{- if .root.Values.custom.volumes }} {{ toYaml .root.Values.custom.volumes | indent 6 }} -{{- end }}{{- end }} -{{- include "pegaCredentialVolumeTemplate" .root | indent 6 }} +{{- end }}{{- end }} + - name: {{ template "pegaInstallerCredentialsVolume" }} + projected: + defaultMode: 420 + sources: + {{- $d := dict "deploySecret" "deployDBSecret" "deployNonExtsecret" "deployNonExtDBSecret" "extSecretName" .root.Values.global.jdbc.external_secret_name "nonExtSecretName" "pega-db-secret-name" "context" .root -}} + {{ include "secretResolver" $d | indent 10}} + + # Fix it, Below peace of code always uses secret created from hz username & password. It cannot resolve hz external secret due to helm sub chart limitations. Modify it once hazelcast deployment is isolated. + {{- if ( eq .root.Values.upgrade.isHazelcastClientServer "true" ) }} + - secret: + name: {{ include "pega-hz-secret-name" .root}} + {{- end }} - name: {{ template "pegaVolumeInstall" }} configMap: # This name will be referred in the volume mounts kind. @@ -99,7 +110,7 @@ spec: # The given mountpath is mapped to volume with the specified name. The config map files are mounted here. - name: {{ template "pegaVolumeInstall" }} mountPath: "/opt/pega/config" - - name: {{ template "pegaVolumeCredentials" }} + - name: {{ template "pegaInstallerCredentialsVolume" }} mountPath: "/opt/pega/secrets" {{- if and .root.Values.distributionKitVolumeClaimName (not .root.Values.distributionKitURL) }} - name: {{ template "pegaDistributionKitVolume" }} diff --git a/charts/pega/charts/installer/templates/_supplemental.tpl b/charts/pega/charts/installer/templates/_supplemental.tpl index e8eb70789..20e01f3ef 100644 --- a/charts/pega/charts/installer/templates/_supplemental.tpl +++ b/charts/pega/charts/installer/templates/_supplemental.tpl 
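Review bot: The `- secret:` source that includes `pega-hz-secret-name` always points at the chart-generated `-hz-secret`, while `deployNonExtHzSecret` in `_secrets_helpers.tpl` turns false as soon as `hazelcast.external_secret_name` is set. The manifest that renders that Secret is not in this hunk, but if it is gated like the other secret manifests, an installer Job with `upgrade.isHazelcastClientServer` set to "true" and an external Hazelcast secret would mount a Secret that is never created, and the pod would not start. The in-line "Fix it" comment hints at this; I would replace it with a precise one, e.g. `# TODO: always mounts the chart-generated hz secret; hazelcast.external_secret_name is not visible to this subchart, so client-server upgrades need chart-managed Hazelcast credentials`, and repeat the limitation in the chart documentation. Separately, `.root.Values.global.jdbc.external_secret_name` is read unguarded here while `deployNonExtDBSecret` uses the nil-safe `(.Values.global.jdbc).external_secret_name`.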
@@ -1,14 +1,17 @@ {{- /* deploymentName -pegaCredentialsSecret pegaRegistrySecret imagePullSecrets -pegaCredentialVolumeTemplate pegaVolumeCredentials customArtifactorySSLVerificationEnabled performDeployment performInstallAndDeployment -performUpgradeAndDeployment are copied from pega/templates/_helpers.tpl because helm lint requires +performUpgradeAndDeployment +pega-db-secret-name +pega-hz-secret-name +deployDBSecret +deployNonExtDBSecret +secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details. */}} @@ -17,11 +20,6 @@ charts to render standalone. See: https://github.com/helm/helm/issues/11260 for {{- define "pegaVolumeCredentials" }}pega-volume-credentials{{- end }} -{{- define "pegaCredentialsSecret" }} -{{- $depName := printf "%s" (include "deploymentName" $) -}} -{{- $depName -}}-credentials-secret -{{- end }} - {{- define "initContainerResources" }} resources: # Resources requests/limits for initContainers 
@@ -33,35 +31,6 @@ charts to render standalone. See: https://github.com/helm/helm/issues/11260 for memory: 64Mi {{- end }} -{{- define "pegaCredentialVolumeTemplate" }} -- name: {{ template "pegaVolumeCredentials" }} - projected: - defaultMode: 420 - sources: - - secret: - name: {{ template "pegaCredentialsSecret" $ }} - {{ if ((.Values.global.jdbc).external_secret_name) }} - - secret: - name: {{ .Values.global.jdbc.external_secret_name }} - {{- end }} - {{ if ((.Values.hazelcast).external_secret_name)}} - - secret: - name: {{ .Values.hazelcast.external_secret_name }} - {{- end }} - {{ if ((.Values.global.customArtifactory.authentication).external_secret_name) }} - - secret: - name: {{ .Values.global.customArtifactory.authentication.external_secret_name }} - {{- end }} - {{ if ((.Values.dds).external_secret_name)}} - - secret: - name: {{ .Values.dds.external_secret_name }} - {{- end }} - {{ if ((.Values.stream).external_secret_name)}} - - secret: - name: {{ .Values.stream.external_secret_name }} - {{- end }} -{{- end}} - {{- define "customArtifactorySSLVerificationEnabled" }} {{- if (.Values.global.customArtifactory) }} {{- if (.Values.global.customArtifactory.enableSSLVerification) }} 
@@ -113,4 +82,37 @@ false {{- else -}} false {{- end -}} -{{- end }} \ No newline at end of file +{{- end }} + +{{- define "pega-db-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-db-secret +{{- end -}} + +{{- define "pega-hz-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-hz-secret +{{- end -}} + +{{- define "deployDBSecret" -}} +true +{{- end }} + +{{- define "deployNonExtDBSecret" }} +{{- if and (eq (include "deployDBSecret" .) "true") (not (.Values.global.jdbc).external_secret_name) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{- define "secretResolver" }} +{{- if (eq (include .deploySecret .context) "true") }} +- secret: +{{- if (eq (include .deployNonExtsecret .context) "true") }} + name: {{ include .nonExtSecretName .context}} +{{- else }} + name: {{ .extSecretName }} +{{- end -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/pega/charts/pegasearch/templates/_supplemental.tpl b/charts/pega/charts/pegasearch/templates/_supplemental.tpl index e8eb70789..20e01f3ef 100644 --- a/charts/pega/charts/pegasearch/templates/_supplemental.tpl +++ b/charts/pega/charts/pegasearch/templates/_supplemental.tpl @@ -1,14 +1,17 @@ {{- /* deploymentName -pegaCredentialsSecret pegaRegistrySecret imagePullSecrets -pegaCredentialVolumeTemplate pegaVolumeCredentials customArtifactorySSLVerificationEnabled performDeployment performInstallAndDeployment -performUpgradeAndDeployment are copied from pega/templates/_helpers.tpl because helm lint requires +performUpgradeAndDeployment +pega-db-secret-name +pega-hz-secret-name +deployDBSecret +deployNonExtDBSecret +secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details. */}} 
@@ -17,11 +20,6 @@ charts to render standalone. See: https://github.com/helm/helm/issues/11260 for {{- define "pegaVolumeCredentials" }}pega-volume-credentials{{- end }} -{{- define "pegaCredentialsSecret" }} -{{- $depName := printf "%s" (include "deploymentName" $) -}} -{{- $depName -}}-credentials-secret -{{- end }} - {{- define "initContainerResources" }} resources: # Resources requests/limits for initContainers @@ -33,35 +31,6 @@ charts to render standalone. See: https://github.com/helm/helm/issues/11260 for memory: 64Mi {{- end }} -{{- define "pegaCredentialVolumeTemplate" }} -- name: {{ template "pegaVolumeCredentials" }} - projected: - defaultMode: 420 - sources: - - secret: - name: {{ template "pegaCredentialsSecret" $ }} - {{ if ((.Values.global.jdbc).external_secret_name) }} - - secret: - name: {{ .Values.global.jdbc.external_secret_name }} - {{- end }} - {{ if ((.Values.hazelcast).external_secret_name)}} - - secret: - name: {{ .Values.hazelcast.external_secret_name }} - {{- end }} - {{ if ((.Values.global.customArtifactory.authentication).external_secret_name) }} - - secret: - name: {{ .Values.global.customArtifactory.authentication.external_secret_name }} - {{- end }} - {{ if ((.Values.dds).external_secret_name)}} - - secret: - name: {{ .Values.dds.external_secret_name }} - {{- end }} - {{ if ((.Values.stream).external_secret_name)}} - - secret: - name: {{ .Values.stream.external_secret_name }} - {{- end }} -{{- end}} - {{- define "customArtifactorySSLVerificationEnabled" }} {{- if (.Values.global.customArtifactory) }} {{- if (.Values.global.customArtifactory.enableSSLVerification) }} 
@@ -113,4 +82,37 @@ false {{- else -}} false {{- end -}} -{{- end }} \ No newline at end of file +{{- end }} + +{{- define "pega-db-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-db-secret +{{- end -}} + +{{- define "pega-hz-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-hz-secret +{{- end -}} + +{{- define "deployDBSecret" -}} +true +{{- end }} + +{{- define "deployNonExtDBSecret" }} +{{- if and (eq (include "deployDBSecret" .) "true") (not (.Values.global.jdbc).external_secret_name) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{- define "secretResolver" }} +{{- if (eq (include .deploySecret .context) "true") }} +- secret: +{{- if (eq (include .deployNonExtsecret .context) "true") }} + name: {{ include .nonExtSecretName .context}} +{{- else }} + name: {{ .extSecretName }} +{{- end -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/pega/templates/_helpers.tpl b/charts/pega/templates/_helpers.tpl index 3a050eb44..29232c51a 100644 --- a/charts/pega/templates/_helpers.tpl +++ b/charts/pega/templates/_helpers.tpl 
@@ -487,3 +487,28 @@ servicePort: use-annotation v4 {{- end -}} {{- end -}} + +{{- define "pegaCredentialVolumeTemplate" }} +- name: {{ template "pegaVolumeCredentials" }} + projected: + defaultMode: 420 + sources: + {{- $dbDict := dict "deploySecret" "deployDBSecret" "deployNonExtsecret" "deployNonExtDBSecret" "extSecretName" .Values.global.jdbc.external_secret_name "nonExtSecretName" "pega-db-secret-name" "context" $ -}} + {{ include "secretResolver" $dbDict | indent 4}} + + {{- $hzDict := dict "deploySecret" "deployHzSecret" "deployNonExtsecret" "deployNonExtHzSecret" "extSecretName" .Values.hazelcast.external_secret_name "nonExtSecretName" "pega-hz-secret-name" "context" $ -}} + {{ include "secretResolver" $hzDict | indent 4}} + + {{- $streamDict := dict "deploySecret" "deployStreamSecret" "deployNonExtsecret" "deployNonExtStreamSecret" "extSecretName" .Values.stream.external_secret_name "nonExtSecretName" "pega-stream-secret-name" "context" $ -}} + {{ include "secretResolver" $streamDict | indent 4}} + + {{- $ddsDict := dict "deploySecret" "deployDDSSecret" "deployNonExtsecret" "deployNonExtDDSSecret" "extSecretName" .Values.dds.external_secret_name "nonExtSecretName" "pega-dds-secret-name" "context" $ -}} + {{ include "secretResolver" $ddsDict | indent 4}} + + {{- $artifactoryDict := dict "deploySecret" "deployArtifactorySecret" "deployNonExtsecret" "deployNonExtArtifactorySecret" "extSecretName" .Values.global.customArtifactory.authentication.external_secret_name "nonExtSecretName" "pega-custom-artifactory-secret-name" "context" $ -}} + {{ include "secretResolver" $artifactoryDict | indent 4}} + + - secret: + name: {{ include "pega-diagnostic-secret-name" $}} + +{{- end}} diff --git a/charts/pega/templates/_pega-credentials-secret.tpl b/charts/pega/templates/_pega-credentials-secret.tpl deleted file mode 100644 index 39c9152f2..000000000 --- a/charts/pega/templates/_pega-credentials-secret.tpl +++ /dev/null 
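Review bot: The dicts built in `pegaCredentialVolumeTemplate` read `.Values.global.customArtifactory.authentication.external_secret_name`, `.Values.hazelcast.external_secret_name`, `.Values.stream.external_secret_name` and `.Values.dds.external_secret_name` directly, where the template this replaces (removed in the `_supplemental.tpl` hunks) used the nil-safe form `((.Values.global.customArtifactory.authentication).external_secret_name)`. If one of those parent maps is absent from the values, rendering aborts with a nil-pointer error before the resolver runs; writing the argument as `(.Values.global.customArtifactory.authentication).external_secret_name` (and likewise for the others) restores the previous tolerance. `deployArtifactorySecret` in `_secrets_helpers.tpl` has the same unguarded read inside its `or`. The final `- secret:` source for `pega-diagnostic-secret-name` is added unconditionally, so every pod using this volume receives the diagnostic credentials and depends on that Secret existing; its manifest lies outside this hunk, so confirm it is always rendered or gate the source like the other five.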
@@ -1,81 +0,0 @@ -{{- define "pegaCredentialsSecretTemplate" }} -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "pegaCredentialsSecret" $ }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": before-hook-creation -data: - # Base64 encoded username for connecting to the Pega DB - {{ if .Values.global.jdbc.username -}} - DB_USERNAME: {{ .Values.global.jdbc.username | b64enc }} - {{- end }} - - # Base64 encoded password for connecting to the Pega DB - {{ if .Values.global.jdbc.password -}} - DB_PASSWORD: {{ .Values.global.jdbc.password | b64enc }} - {{- end }} - - {{ if (eq (include "useBasicAuthForCustomArtifactory" .) "true") }} - # Base64 encoded username for basic authentication of custom artifactory - CUSTOM_ARTIFACTORY_USERNAME: {{ .Values.global.customArtifactory.authentication.basic.username | b64enc }} - # Base64 encoded password for basic authentication of custom artifactory - CUSTOM_ARTIFACTORY_PASSWORD: {{ .Values.global.customArtifactory.authentication.basic.password | b64enc }} - {{- end }} - - {{ if (eq (include "useApiKeyForCustomArtifactory" .) "true") }} - # Base64 encoded dedicated apikey header name and apikey value for authentication of custom artifactory - CUSTOM_ARTIFACTORY_APIKEY_HEADER: {{ .Values.global.customArtifactory.authentication.apiKey.headerName | b64enc }} - # Base64 encoded password for basic authentication of custom artifactory - CUSTOM_ARTIFACTORY_APIKEY: {{ .Values.global.customArtifactory.authentication.apiKey.value | b64enc }} - {{- end }} - - {{ if (eq (include "performDeployment" .) 
"true") }} - # Base64 encoded username for connecting to cassandra - CASSANDRA_USERNAME: {{ .Values.dds.username | b64enc }} - # Base64 encoded password for connecting to cassandra - CASSANDRA_PASSWORD: {{ .Values.dds.password | b64enc }} - {{ if .Values.dds.trustStorePassword -}} - # Base64 encoded password for the cassandra trust store - CASSANDRA_TRUSTSTORE_PASSWORD: {{ .Values.dds.trustStorePassword | b64enc }} - {{- end }} - {{ if .Values.dds.keyStorePassword -}} - # Base64 encoded password for the cassandra key store - CASSANDRA_KEYSTORE_PASSWORD: {{ .Values.dds.keyStorePassword | b64enc }} - {{- end }} - {{ if .Values.stream.trustStorePassword -}} - # Base64 encoded password for the stream trust store - STREAM_TRUSTSTORE_PASSWORD: {{ .Values.stream.trustStorePassword | b64enc }} - {{- end }} - {{ if .Values.stream.keyStorePassword -}} - # Base64 encoded password for the stream key store - STREAM_KEYSTORE_PASSWORD: {{ .Values.stream.keyStorePassword | b64enc }} - {{- end }} - {{ if .Values.stream.jaasConfig -}} - # Base64 encoded password for the stream trust store - STREAM_JAAS_CONFIG: {{ .Values.stream.jaasConfig | b64enc }} - {{- end }} - {{ if (eq (include "hazelcastCSConfigRequired" .) 
"true") }} - # Base64 encoded username used for authentication in Hazelcast client-server mode - {{ if .Values.hazelcast.username -}} - HZ_CS_AUTH_USERNAME: {{ .Values.hazelcast.username | b64enc }} - {{ end }} - # Base64 encoded password used for authentication in Hazelcast client-server mode - {{ if .Values.hazelcast.password -}} - HZ_CS_AUTH_PASSWORD: {{ .Values.hazelcast.password | b64enc }} - {{ end }} - {{ end }} - {{ range $index, $dep := .Values.global.tier}} - {{ if and ($dep.pegaDiagnosticUser) (eq $dep.name "web") }} - # Base64 encoded username for a Tomcat user that will be created with the PegaDiagnosticUser role - PEGA_DIAGNOSTIC_USER: {{ $dep.pegaDiagnosticUser | b64enc }} - # Base64 encoded password for a Tomcat user that will be created with the PegaDiagnosticUser role - PEGA_DIAGNOSTIC_PASSWORD: {{ $dep.pegaDiagnosticPassword | b64enc }} - {{ end }} - {{ end }} -{{ end }} -type: Opaque -{{- end }} diff --git a/charts/pega/templates/_secrets_helpers.tpl b/charts/pega/templates/_secrets_helpers.tpl new file mode 100644 index 000000000..28a110e49 --- /dev/null +++ b/charts/pega/templates/_secrets_helpers.tpl 
@@ -0,0 +1,84 @@ +{{- define "pega-dds-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-dds-secret +{{- end -}} + +{{- define "pega-stream-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-stream-secret +{{- end -}} + +{{- define "pega-custom-artifactory-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-artifactory-secret +{{- end -}} + +{{- define "pega-diagnostic-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-diagnostic-secret +{{- end -}} + +{{- define "deployStreamSecret" }} +{{- if and (eq (include "performDeployment" .) "true") ((.Values.stream).enabled) -}} +true +{{- else -}} +false +{{- end -}} +{{- end }} + +{{- define "deployNonExtStreamSecret" }} +{{- if and (eq (include "deployStreamSecret" .) "true") (not (.Values.stream).external_secret_name) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{- define "deployHzSecret" }} +{{- if (eq (include "hazelcastCSConfigRequired" .) "true") -}} +true +{{- else -}} +false +{{- end -}} +{{- end }} + +{{- define "deployNonExtHzSecret" }} +{{- if and (eq (include "deployHzSecret" .) "true") (not (.Values.hazelcast).external_secret_name) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{- define "deployDDSSecret" }} +{{- if and (eq (include "performDeployment" .) "true") (eq (include "cassandraEnabled" .) "true") (eq (include "internalCassandraEnabled" .) "false") -}} +true +{{- else -}} +false +{{- end -}} +{{- end }} + +{{- define "deployNonExtDDSSecret" }} +{{- if and (eq (include "deployDDSSecret" .) "true") (not (.Values.dds).external_secret_name) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + + +{{- define "deployArtifactorySecret" }} +{{- if or (eq (include "useBasicAuthForCustomArtifactory" .) "true") (eq (include "useApiKeyForCustomArtifactory" .) 
"true") (.Values.global.customArtifactory.authentication.external_secret_name) -}} +true +{{- else -}} +false +{{- end -}} +{{- end }} + +{{- define "deployNonExtArtifactorySecret" }} +{{- if and (eq (include "deployArtifactorySecret" .) "true") (not (.Values.global.customArtifactory.authentication).external_secret_name) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/pega/templates/_supplemental.tpl b/charts/pega/templates/_supplemental.tpl index e8eb70789..20e01f3ef 100644 --- a/charts/pega/templates/_supplemental.tpl +++ b/charts/pega/templates/_supplemental.tpl @@ -1,14 +1,17 @@ {{- /* deploymentName -pegaCredentialsSecret pegaRegistrySecret imagePullSecrets -pegaCredentialVolumeTemplate pegaVolumeCredentials customArtifactorySSLVerificationEnabled performDeployment performInstallAndDeployment -performUpgradeAndDeployment are copied from pega/templates/_helpers.tpl because helm lint requires +performUpgradeAndDeployment +pega-db-secret-name +pega-hz-secret-name +deployDBSecret +deployNonExtDBSecret +secretResolver are copied from pega/templates/_helpers.tpl because helm lint requires charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details. */}} @@ -17,11 +20,6 @@ charts to render standalone. See: https://github.com/helm/helm/issues/11260 for {{- define "pegaVolumeCredentials" }}pega-volume-credentials{{- end }} -{{- define "pegaCredentialsSecret" }} -{{- $depName := printf "%s" (include "deploymentName" $) -}} -{{- $depName -}}-credentials-secret -{{- end }} - {{- define "initContainerResources" }} resources: # Resources requests/limits for initContainers 
@@ -33,35 +31,6 @@ charts to render standalone. See: https://github.com/helm/helm/issues/11260 for memory: 64Mi {{- end }} -{{- define "pegaCredentialVolumeTemplate" }} -- name: {{ template "pegaVolumeCredentials" }} - projected: - defaultMode: 420 - sources: - - secret: - name: {{ template "pegaCredentialsSecret" $ }} - {{ if ((.Values.global.jdbc).external_secret_name) }} - - secret: - name: {{ .Values.global.jdbc.external_secret_name }} - {{- end }} - {{ if ((.Values.hazelcast).external_secret_name)}} - - secret: - name: {{ .Values.hazelcast.external_secret_name }} - {{- end }} - {{ if ((.Values.global.customArtifactory.authentication).external_secret_name) }} - - secret: - name: {{ .Values.global.customArtifactory.authentication.external_secret_name }} - {{- end }} - {{ if ((.Values.dds).external_secret_name)}} - - secret: - name: {{ .Values.dds.external_secret_name }} - {{- end }} - {{ if ((.Values.stream).external_secret_name)}} - - secret: - name: {{ .Values.stream.external_secret_name }} - {{- end }} -{{- end}} - {{- define "customArtifactorySSLVerificationEnabled" }} {{- if (.Values.global.customArtifactory) }} {{- if (.Values.global.customArtifactory.enableSSLVerification) }} 
@@ -113,4 +82,37 @@ false {{- else -}} false {{- end -}} -{{- end }} \ No newline at end of file +{{- end }} + +{{- define "pega-db-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-db-secret +{{- end -}} + +{{- define "pega-hz-secret-name" }} +{{- $depName := printf "%s" (include "deploymentName" $) -}} +{{- $depName -}}-hz-secret +{{- end -}} + +{{- define "deployDBSecret" -}} +true +{{- end }} + +{{- define "deployNonExtDBSecret" }} +{{- if and (eq (include "deployDBSecret" .) "true") (not (.Values.global.jdbc).external_secret_name) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{- define "secretResolver" }} +{{- if (eq (include .deploySecret .context) "true") }} +- secret: +{{- if (eq (include .deployNonExtsecret .context) "true") }} + name: {{ include .nonExtSecretName .context}} +{{- else }} + name: {{ .extSecretName }} +{{- end -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/pega/templates/pega-credentials-secret.yaml b/charts/pega/templates/pega-credentials-secret.yaml deleted file mode 100644 index a7a1476f4..000000000 --- a/charts/pega/templates/pega-credentials-secret.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "pegaCredentialsSecretTemplate" . }} diff --git a/charts/pega/templates/pega-custom-artifactory-secret.yaml b/charts/pega/templates/pega-custom-artifactory-secret.yaml new file mode 100644 index 000000000..2995b755f --- /dev/null +++ b/charts/pega/templates/pega-custom-artifactory-secret.yaml 
@@ -0,0 +1,25 @@ +{{- if ((eq (include "deployNonExtArtifactorySecret" .) "true")) }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ template "pega-custom-artifactory-secret-name" $ }} + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +data: + {{ if (eq (include "useBasicAuthForCustomArtifactory" .) "true") }} + # Base64 encoded username for basic authentication of custom artifactory + CUSTOM_ARTIFACTORY_USERNAME: {{ .Values.global.customArtifactory.authentication.basic.username | b64enc }} + # Base64 encoded password for basic authentication of custom artifactory + CUSTOM_ARTIFACTORY_PASSWORD: {{ .Values.global.customArtifactory.authentication.basic.password | b64enc }} + {{- end }} + + {{ if (eq (include "useApiKeyForCustomArtifactory" .) "true") }} + # Base64 encoded dedicated apikey header name and apikey value for authentication of custom artifactory + CUSTOM_ARTIFACTORY_APIKEY_HEADER: {{ .Values.global.customArtifactory.authentication.apiKey.headerName | b64enc }} + # Base64 encoded password for basic authentication of custom artifactory + CUSTOM_ARTIFACTORY_APIKEY: {{ .Values.global.customArtifactory.authentication.apiKey.value | b64enc }} + {{- end }} +{{ end }} \ No newline at end of file diff --git a/charts/pega/templates/pega-db-secret.yaml b/charts/pega/templates/pega-db-secret.yaml new file mode 100644 index 000000000..bd761de6e --- /dev/null +++ b/charts/pega/templates/pega-db-secret.yaml 
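Review bot: The Secret is created as a `pre-install, pre-upgrade` hook, and Helm does not track hook resources as part of the release, so `helm uninstall` leaves the `-artifactory-secret` object and its credentials behind in the namespace. The deleted `_pega-credentials-secret.tpl` carried the same annotations, but this commit repeats the block in each per-credential manifest (`pega-db-secret.yaml` and `pega-dds-secret.yaml` in this patch), so the cleanup step is worth stating next to the annotations, e.g. `# Hook resource: not removed by helm uninstall; delete it manually when retiring the release`. The comment above `CUSTOM_ARTIFACTORY_APIKEY` is a copy of the basic-auth one and should read `# Base64 encoded API key value for authentication of custom artifactory`.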
@@ -0,0 +1,21 @@
+{{- if ((eq (include "deployNonExtDBSecret" .) "true")) }}
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ template "pega-db-secret-name" $ }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install, pre-upgrade
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+data:
+ # Base64 encoded username for connecting to the Pega DB
+ {{ if .Values.global.jdbc.username -}}
+ DB_USERNAME: {{ .Values.global.jdbc.username | b64enc }}
+ {{- end }}
+
+ # Base64 encoded password for connecting to the Pega DB
+ {{ if .Values.global.jdbc.password -}}
+ DB_PASSWORD: {{ .Values.global.jdbc.password | b64enc }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/pega/templates/pega-dds-secret.yaml b/charts/pega/templates/pega-dds-secret.yaml
new file mode 100644
index 000000000..cde26794d
--- /dev/null
+++ b/charts/pega/templates/pega-dds-secret.yaml
@@ -0,0 +1,31 @@
+{{ if (eq (include "deployNonExtDDSSecret" .) "true") }}
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ template "pega-dds-secret-name" $ }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install, pre-upgrade
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+data:
+ # Base64 encoded username for connecting to cassandra
+ {{ if .Values.dds.username -}}
+ CASSANDRA_USERNAME: {{ .Values.dds.username | b64enc }}
+ {{- end }}
+
+ # Base64 encoded password for connecting to cassandra
+ {{ if .Values.dds.password -}}
+ CASSANDRA_PASSWORD: {{ .Values.dds.password | b64enc }}
+ {{- end }}
+
+ {{ if .Values.dds.trustStorePassword -}}
+ # Base64 encoded password for the cassandra trust store
+ CASSANDRA_TRUSTSTORE_PASSWORD: {{ .Values.dds.trustStorePassword | b64enc }}
+ {{- end }}
+
+ {{ if .Values.dds.keyStorePassword -}}
+ # Base64 encoded password for the cassandra key store
+ CASSANDRA_KEYSTORE_PASSWORD: {{ .Values.dds.keyStorePassword | b64enc }}
+ {{- end }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/pega/templates/pega-diagnostic-secret.yaml b/charts/pega/templates/pega-diagnostic-secret.yaml
new file mode 100644
index 000000000..b3a5884f4
--- /dev/null
+++ b/charts/pega/templates/pega-diagnostic-secret.yaml
@@ -0,0 +1,20 @@
+{{ if (eq (include "performDeployment" .) "true") }}
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ template "pega-diagnostic-secret-name" $ }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install, pre-upgrade
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+data:
+ {{ range $index, $dep := .Values.global.tier}}
+ {{ if and ($dep.pegaDiagnosticUser) (eq $dep.name "web") }}
+ # Base64 encoded username for a Tomcat user that will be created with the PegaDiagnosticUser role
+ PEGA_DIAGNOSTIC_USER: {{ $dep.pegaDiagnosticUser | b64enc }}
+ # Base64 encoded password for a Tomcat user that will be created with the PegaDiagnosticUser role
+ PEGA_DIAGNOSTIC_PASSWORD: {{ $dep.pegaDiagnosticPassword | b64enc }}
+ {{ end }}
+ {{ end }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/pega/templates/pega-hz-secret.yaml b/charts/pega/templates/pega-hz-secret.yaml
new file mode 100644
index 000000000..3ff9787f2
--- /dev/null
+++ b/charts/pega/templates/pega-hz-secret.yaml
@@ -0,0 +1,21 @@
+{{ if ((eq (include "deployNonExtHzSecret" .) "true")) }}
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ template "pega-hz-secret-name" $ }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install, pre-upgrade
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+data:
+
+ # Base64 encoded username used for authentication in Hazelcast client-server mode
+ {{ if .Values.hazelcast.username -}}
+ HZ_CS_AUTH_USERNAME: {{ .Values.hazelcast.username | b64enc }}
+ {{ end }}
+ # Base64 encoded password used for authentication in Hazelcast client-server mode
+ {{ if .Values.hazelcast.password -}}
+ HZ_CS_AUTH_PASSWORD: {{ .Values.hazelcast.password | b64enc }}
+ {{ end }}
+{{ end }}
\ No newline at end of file
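Review bot: In the diagnostic secret, the guard `{{ if and ($dep.pegaDiagnosticUser) (eq $dep.name "web") }}` checks only the user, so a web tier that sets `pegaDiagnosticUser` without `pegaDiagnosticPassword` reaches `$dep.pegaDiagnosticPassword | b64enc` with a missing value. That most likely fails rendering, and with an explicit empty string it would emit an empty password for the Tomcat diagnostic user. Requiring both closes the gap: `{{ if and $dep.pegaDiagnosticUser $dep.pegaDiagnosticPassword (eq $dep.name "web") }}`. Separately, the outer condition is only `performDeployment`, so the Secret is rendered with an empty `data:` whenever no tier sets a diagnostic user; whether consumers rely on that is not visible in this hunk.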
diff --git a/charts/pega/templates/pega-stream-secret.yaml b/charts/pega/templates/pega-stream-secret.yaml
new file mode 100644
index 000000000..eb2b8dbca
--- /dev/null
+++ b/charts/pega/templates/pega-stream-secret.yaml
@@ -0,0 +1,24 @@
+{{ if ((eq (include "deployNonExtStreamSecret" .) "true")) }}
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ template "pega-stream-secret-name" $ }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install, pre-upgrade
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+data:
+ {{ if .Values.stream.trustStorePassword -}}
+ # Base64 encoded password for the stream trust store
+ STREAM_TRUSTSTORE_PASSWORD: {{ .Values.stream.trustStorePassword | b64enc }}
+ {{- end }}
+ {{ if .Values.stream.keyStorePassword -}}
+ # Base64 encoded password for the stream key store
+ STREAM_KEYSTORE_PASSWORD: {{ .Values.stream.keyStorePassword | b64enc }}
+ {{- end }}
+ {{ if .Values.stream.jaasConfig -}}
+ # Base64 encoded password for the stream trust store
+ STREAM_JAAS_CONFIG: {{ .Values.stream.jaasConfig | b64enc }}
+ {{- end }}
+{{ end }}
\ No newline at end of file
diff --git a/terratest/src/test/pega/clustering-service-deployment_test.go b/terratest/src/test/pega/clustering-service-deployment_test.go
index 9579da81e..fcb8930ca 100644
--- a/terratest/src/test/pega/clustering-service-deployment_test.go
+++ b/terratest/src/test/pega/clustering-service-deployment_test.go
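Review bot: The comment above `STREAM_JAAS_CONFIG` repeats `# Base64 encoded password for the stream trust store`, which describes an earlier key; it should read something like `# Base64 encoded JAAS configuration for the stream connection`. The artifactory template earlier in this patch has the same copy-paste on `CUSTOM_ARTIFACTORY_APIKEY`, whose comment still says "password for basic authentication"; `# Base64 encoded API key value for authentication of custom artifactory` would match the field. Since every comment in these templates leads with "Base64 encoded", it is also worth saying once that this is an encoding and not protection, because the values arrive as plain text from the values file.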
@@ -56,7 +56,7 @@ func VerifyClusteringServiceDeployment(t *testing.T, yamlContent string) { require.Equal(t, "1Gi", statefulsetSpec.Containers[0].Resources.Requests.Memory().String()) require.Equal(t, statefulsetSpec.Volumes[0].Name, "logs") require.Equal(t, statefulsetSpec.Volumes[1].Name, "hazelcast-volume-credentials") - require.Equal(t, statefulsetSpec.Volumes[1].Projected.Sources[0].Secret.Name, "pega-credentials-secret") + require.Equal(t, statefulsetSpec.Volumes[1].Projected.Sources[0].Secret.Name, "pega-hz-secret") require.Equal(t, statefulsetSpec.Containers[0].VolumeMounts[0].Name, "logs") require.Equal(t, statefulsetSpec.Containers[0].VolumeMounts[0].MountPath, "/opt/hazelcast/logs") require.Equal(t, statefulsetSpec.Containers[0].VolumeMounts[1].Name, "hazelcast-volume-credentials") diff --git a/terratest/src/test/pega/data/values_with_externalsecrets.yaml b/terratest/src/test/pega/data/values_with_externalsecrets.yaml index 5aaf489e3..0f67250b5 100644 --- a/terratest/src/test/pega/data/values_with_externalsecrets.yaml +++ b/terratest/src/test/pega/data/values_with_externalsecrets.yaml @@ -5,6 +5,8 @@ global: enableSSLVerification: true authentication: external_secret_name: "customArtifactory-secret" + jdbc: + external_secret_name: "db-secret" tier: - name: "web" nodeType: "WebUser" @@ -34,8 +36,11 @@ global: custom: dds: external_secret_name: "dds-secret" + externalNodes: "123.33.44.55" hazelcast: enabled: true external_secret_name: "hazelcast-secret" stream: external_secret_name: "kafka-secret" +cassandra: + enabled: true diff --git a/terratest/src/test/pega/data/values_with_tier_diagnostic.yaml b/terratest/src/test/pega/data/values_with_tier_diagnostic.yaml new file mode 100644 index 000000000..3df11f602 --- /dev/null +++ b/terratest/src/test/pega/data/values_with_tier_diagnostic.yaml @@ -0,0 +1,6 @@ +--- +global: + tier: + - name: "web" + pegaDiagnosticUser: "" + pegaDiagnosticPassword: "" 
diff --git a/terratest/src/test/pega/pega-credentials-secret-with-cassandra-enc_test.go b/terratest/src/test/pega/pega-credentials-secret-with-cassandra-enc_test.go deleted file mode 100644 index 2fbf1d76d..000000000 --- a/terratest/src/test/pega/pega-credentials-secret-with-cassandra-enc_test.go +++ /dev/null 
@@ -1,62 +0,0 @@ -package pega - -import ( - "fmt" - "path/filepath" - "strings" - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/require" - k8score "k8s.io/api/core/v1" -) - -const trustStorePassword = "trustStore" -const keyStorePassword = "keyStore" - -func TestPegaCredentialsSecretWithCassandraEncryptionPresent(t *testing.T) { - var supportedVendors = []string{"k8s", "openshift", "eks", "gke", "aks", "pks"} - var supportedOperations = []string{"install", "install-deploy", "upgrade", "upgrade-deploy"} - - helmChartPath, err := filepath.Abs(PegaHelmChartPath) - require.NoError(t, err) - - for _, vendor := range supportedVendors { - - for _, operation := range supportedOperations { - - fmt.Println(vendor + "-" + operation) - - var options = &helm.Options{ - SetValues: map[string]string{ - "global.provider": vendor, - "global.actions.execute": operation, - "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation), - "dds.trustStorePassword": trustStorePassword, - "dds.keyStorePassword": keyStorePassword, - }, - } - - yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-credentials-secret.yaml"}) - verifyCredentialsSecret(t, yamlContent, operation) - } - } - -} - -func verifyCredentialsSecret(t *testing.T, yamlContent string, operation string) { - - var secretobj k8score.Secret - UnmarshalK8SYaml(t, yamlContent, &secretobj) - secretData := secretobj.Data - require.Equal(t, "YOUR_JDBC_USERNAME", string(secretData["DB_USERNAME"])) - require.Equal(t, "YOUR_JDBC_PASSWORD", string(secretData["DB_PASSWORD"])) - if strings.Contains(operation, "deploy") { - require.Equal(t, trustStorePassword, string(secretData["CASSANDRA_TRUSTSTORE_PASSWORD"])) - require.Equal(t, keyStorePassword, string(secretData["CASSANDRA_KEYSTORE_PASSWORD"])) - } else { - require.Equal(t, "", string(secretData["CASSANDRA_TRUSTSTORE_PASSWORD"])) - require.Equal(t, "", 
string(secretData["CASSANDRA_KEYSTORE_PASSWORD"])) - } - -} diff --git a/terratest/src/test/pega/pega-credentials-secret-with-external-stream_test.go b/terratest/src/test/pega/pega-credentials-secret-with-external-stream_test.go deleted file mode 100644 index e879c3e10..000000000 --- a/terratest/src/test/pega/pega-credentials-secret-with-external-stream_test.go +++ /dev/null 
@@ -1,64 +0,0 @@ -package pega - -import ( - "fmt" - "path/filepath" - "strings" - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/require" - k8score "k8s.io/api/core/v1" -) - -const streamTrustStorePassword = "trustStore" -const streamKeyStorePassword = "keyStore" -const jaasConfig = "jaasConfig" - -func TestPegaCredentialsSecretWithExternalStreamArePresent(t *testing.T) { - var supportedVendors = []string{"k8s", "openshift", "eks", "gke", "aks", "pks"} - var supportedOperations = []string{"install", "install-deploy", "upgrade", "upgrade-deploy"} - - helmChartPath, err := filepath.Abs(PegaHelmChartPath) - require.NoError(t, err) - - for _, vendor := range supportedVendors { - - for _, operation := range supportedOperations { - - fmt.Println(vendor + "-" + operation) - - var options = &helm.Options{ - SetValues: map[string]string{ - "global.provider": vendor, - "global.actions.execute": operation, - "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation), - "stream.trustStorePassword": streamTrustStorePassword, - "stream.keyStorePassword": streamKeyStorePassword, - "stream.jaasConfig": jaasConfig, - }, - } - - yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-credentials-secret.yaml"}) - verifyStreamCredentialsSecret(t, yamlContent, operation) - } - } - -} - -func verifyStreamCredentialsSecret(t *testing.T, yamlContent string, operation string) { - - var secretobj k8score.Secret - UnmarshalK8SYaml(t, yamlContent, &secretobj) - secretData := secretobj.Data - if strings.Contains(operation, "deploy") { - require.Equal(t, streamTrustStorePassword, string(secretData["STREAM_TRUSTSTORE_PASSWORD"])) - require.Equal(t, streamKeyStorePassword, string(secretData["STREAM_KEYSTORE_PASSWORD"])) - require.Equal(t, jaasConfig, string(secretData["STREAM_JAAS_CONFIG"])) - } else { - require.Equal(t, "", string(secretData["STREAM_TRUSTSTORE_PASSWORD"])) - require.Equal(t, "", 
string(secretData["STREAM_KEYSTORE_PASSWORD"])) - require.Equal(t, "", string(secretData["STREAM_JAAS_CONFIG"])) - } - -} diff --git a/terratest/src/test/pega/pega-credentials-secret-with-hzcs_test.go b/terratest/src/test/pega/pega-credentials-secret-with-hzcs_test.go deleted file mode 100755 index 482d78cc5..000000000 --- a/terratest/src/test/pega/pega-credentials-secret-with-hzcs_test.go +++ /dev/null 
@@ -1,82 +0,0 @@ -package pega - -import ( - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/require" - k8score "k8s.io/api/core/v1" - "path/filepath" - "testing" - "fmt" -) - -var supportedVendors = []string{"k8s","openshift","eks","gke","aks","pks"} -const HZ_CS_AUTH_USERNAME = "HZClusterUser" -const HZ_CS_AUTH_PASSWORD = "HZclusterPassword" - -func TestPegaCredentialsSecretWhenHazelcastIsEnabled(t *testing.T){ - var supportedOperations = []string{"deploy","install-deploy", "upgrade-deploy"} - - helmChartPath, err := filepath.Abs(PegaHelmChartPath) - require.NoError(t, err) - - - for _,vendor := range supportedVendors{ - - for _,operation := range supportedOperations{ - - fmt.Println(vendor + "-" + operation) - - var options = &helm.Options{ - SetValues: map[string]string{ - "global.provider": vendor, - "global.actions.execute": operation, - "installer.upgrade.upgradeType": "zero-downtime", - "hazelcast.enabled": "true", - "hazelcast.migration.embeddedToCSMigration": "false", - "hazelcast.username": HZ_CS_AUTH_USERNAME, - "hazelcast.password": HZ_CS_AUTH_PASSWORD, - }, - } - - yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-credentials-secret.yaml"}) - VerifyCredentialsSecretWhenHazelcastIsEnabled(t,yamlContent) - } - } - - for _,vendor := range supportedVendors{ - - for _,operation := range supportedOperations{ - - fmt.Println(vendor + "-" + operation) - - var options = &helm.Options{ - SetValues: map[string]string{ - "global.provider": vendor, - "global.actions.execute": operation, - "installer.upgrade.upgradeType": "zero-downtime", - "hazelcast.enabled": "false", - "hazelcast.clusteringServiceEnabled": "true", - "hazelcast.migration.embeddedToCSMigration": "false", - "hazelcast.username": HZ_CS_AUTH_USERNAME, - "hazelcast.password": HZ_CS_AUTH_PASSWORD, - }, - } - - yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-credentials-secret.yaml"}) - 
VerifyCredentialsSecretWhenHazelcastIsEnabled(t,yamlContent) - } - } - - -} - -func VerifyCredentialsSecretWhenHazelcastIsEnabled(t *testing.T, yamlContent string) { - - var secretobj k8score.Secret - UnmarshalK8SYaml(t, yamlContent, &secretobj) - secretData := secretobj.Data - require.Equal(t, string(secretData["DB_USERNAME"]), "YOUR_JDBC_USERNAME") - require.Equal(t, string(secretData["DB_PASSWORD"]), "YOUR_JDBC_PASSWORD") - require.Equal(t, string(secretData["HZ_CS_AUTH_USERNAME"]), HZ_CS_AUTH_USERNAME) - require.Equal(t, string(secretData["HZ_CS_AUTH_PASSWORD"]), HZ_CS_AUTH_PASSWORD) -} \ No newline at end of file diff --git a/terratest/src/test/pega/pega-credentials-secret_test.go b/terratest/src/test/pega/pega-credentials-secret_test.go deleted file mode 100644 index becbc0c1c..000000000 --- a/terratest/src/test/pega/pega-credentials-secret_test.go +++ /dev/null 
@@ -1,239 +0,0 @@ -package pega - -import ( - "fmt" - "path/filepath" - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/stretchr/testify/require" - k8score "k8s.io/api/core/v1" -) - - -func TestPegaCredentialsSecret(t *testing.T){ - var supportedVendors = []string{"k8s","openshift","eks","gke","aks","pks"} - var supportedOperations = []string{"install","install-deploy", "upgrade", "upgrade-deploy"} - var deploymentNames = []string{"pega","myapp-dev"} - - helmChartPath, err := filepath.Abs(PegaHelmChartPath) - require.NoError(t, err) - - for _, vendor := range supportedVendors { - - for _, operation := range supportedOperations { - - for _, depName := range deploymentNames { - fmt.Println(vendor + "-" + operation) - - var options = &helm.Options{ - SetValues: map[string]string{ - "global.deployment.name": depName, - "global.provider": vendor, - "global.actions.execute": operation, - "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation), - }, - } - - yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-credentials-secret.yaml"}) - VerifyCredentialsSecret(t, yamlContent, options) - } - } - } - -} - -func TestPegaCredentialsSecretWithArtifactoryBasicAuth(t *testing.T){ - var supportedVendors = []string{"k8s","openshift","eks","gke","aks","pks"} - var supportedOperations = []string{"install","install-deploy", "upgrade", "upgrade-deploy"} - var deploymentNames = []string{"pega","myapp-dev"} - - helmChartPath, err := filepath.Abs(PegaHelmChartPath) - require.NoError(t, err) - - for _, vendor := range supportedVendors { - - for _, operation := range supportedOperations { - - for _, depName := range deploymentNames { - fmt.Println(vendor + "-" + operation) - - var options = &helm.Options{ - SetValues: map[string]string{ - "global.deployment.name": depName, - "global.provider": vendor, - "global.actions.execute": operation, - "installer.upgrade.upgradeType": 
getUpgradeTypeForUpgradeAction(operation), - "global.customArtifactory.authentication.basic.username": "username", - "global.customArtifactory.authentication.basic.password": "pwd", - "global.customArtifactory.authentication.apiKey.headerName": "", - "global.customArtifactory.authentication.apiKey.value": "", - }, - } - - yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-credentials-secret.yaml"}) - VerifyCredentialsSecretArtifactoryBasicAuth(t, yamlContent, options, true) - } - } - } - -} - -func TestPegaCredentialsSecretWithNoArtifactoryBasicAuth(t *testing.T){ - var supportedVendors = []string{"k8s","openshift","eks","gke","aks","pks"} - var supportedOperations = []string{"install","install-deploy", "upgrade", "upgrade-deploy"} - var deploymentNames = []string{"pega","myapp-dev"} - - helmChartPath, err := filepath.Abs(PegaHelmChartPath) - require.NoError(t, err) - - for _, vendor := range supportedVendors { - - for _, operation := range supportedOperations { - - for _, depName := range deploymentNames { - fmt.Println(vendor + "-" + operation) - - var options = &helm.Options{ - SetValues: map[string]string{ - "global.deployment.name": depName, - "global.provider": vendor, - "global.actions.execute": operation, - "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation), - "global.customArtifactory.authentication.basic.username": "", - "global.customArtifactory.authentication.basic.password": "pwd", - "global.customArtifactory.authentication.apiKey.headerName": "", - "global.customArtifactory.authentication.apiKey.value": "", - }, - } - - yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-credentials-secret.yaml"}) - VerifyCredentialsSecretArtifactoryBasicAuth(t, yamlContent, options, false) - } - } - } - -} - -func TestPegaCredentialsSecretWithArtifactoryApiKeyAuth(t *testing.T){ - var supportedVendors = []string{"k8s","openshift","eks","gke","aks","pks"} - var supportedOperations = 
[]string{"install","install-deploy", "upgrade", "upgrade-deploy"} - var deploymentNames = []string{"pega","myapp-dev"} - - helmChartPath, err := filepath.Abs(PegaHelmChartPath) - require.NoError(t, err) - - for _, vendor := range supportedVendors { - - for _, operation := range supportedOperations { - - for _, depName := range deploymentNames { - fmt.Println(vendor + "-" + operation) - - var options = &helm.Options{ - SetValues: map[string]string{ - "global.deployment.name": depName, - "global.provider": vendor, - "global.actions.execute": operation, - "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation), - "global.customArtifactory.authentication.apiKey.headerName": "headerName", - "global.customArtifactory.authentication.apiKey.value": "apiKey-value", - "global.customArtifactory.authentication.basic.username": "", - "global.customArtifactory.authentication.basic.password": "", - }, - } - - yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-credentials-secret.yaml"}) - VerifyCredentialsSecretArtifactoryApiKeyAuth(t, yamlContent, options, true) - } - } - } - -} - -func TestPegaCredentialsSecretWithNoArtifactoryApiKeyAuth(t *testing.T){ - var supportedVendors = []string{"k8s","openshift","eks","gke","aks","pks"} - var supportedOperations = []string{"install","install-deploy", "upgrade", "upgrade-deploy"} - var deploymentNames = []string{"pega","myapp-dev"} - - helmChartPath, err := filepath.Abs(PegaHelmChartPath) - require.NoError(t, err) - - for _, vendor := range supportedVendors { - - for _, operation := range supportedOperations { - - for _, depName := range deploymentNames { - fmt.Println(vendor + "-" + operation) - - var options = &helm.Options{ - SetValues: map[string]string{ - "global.deployment.name": depName, - "global.provider": vendor, - "global.actions.execute": operation, - "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation), - 
"global.customArtifactory.authentication.apiKey.headerName": "headerName", - "global.customArtifactory.authentication.apiKey.value": "", - "global.customArtifactory.authentication.basic.username": "", - "global.customArtifactory.authentication.basic.password": "", - }, - } - - yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-credentials-secret.yaml"}) - VerifyCredentialsSecretArtifactoryApiKeyAuth(t, yamlContent, options, false) - } - } - } - -} - -func VerifyCredentialsSecretArtifactoryBasicAuth(t *testing.T, yamlContent string, options *helm.Options, expectBasicAuthData bool) { - - var secretobj k8score.Secret - UnmarshalK8SYaml(t, yamlContent, &secretobj) - - require.Equal(t, secretobj.ObjectMeta.Name, getObjName(options, "-credentials-secret")) - secretData := secretobj.Data - if expectBasicAuthData == true { - require.Equal(t, "username", string(secretData["CUSTOM_ARTIFACTORY_USERNAME"])) - require.Equal(t, "pwd", string(secretData["CUSTOM_ARTIFACTORY_PASSWORD"])) - } else { - require.Empty(t, string(secretData["CUSTOM_ARTIFACTORY_USERNAME"])) - require.Empty(t, string(secretData["CUSTOM_ARTIFACTORY_PASSWORD"])) - } - - require.Empty(t, string(secretData["CUSTOM_ARTIFACTORY_APIKEY_HEADER"])) - require.Empty(t, string(secretData["CUSTOM_ARTIFACTORY_APIKEY"])) -} - -func VerifyCredentialsSecretArtifactoryApiKeyAuth(t *testing.T, yamlContent string, options *helm.Options, expectApiKeyAuthData bool) { - - var secretobj k8score.Secret - UnmarshalK8SYaml(t, yamlContent, &secretobj) - - require.Equal(t, secretobj.ObjectMeta.Name, getObjName(options, "-credentials-secret")) - secretData := secretobj.Data - if expectApiKeyAuthData == true { - require.Equal(t, "headerName", string(secretData["CUSTOM_ARTIFACTORY_APIKEY_HEADER"])) - require.Equal(t, "apiKey-value", string(secretData["CUSTOM_ARTIFACTORY_APIKEY"])) - } else { - require.Empty(t, string(secretData["CUSTOM_ARTIFACTORY_APIKEY_HEADER"])) - require.Empty(t, 
string(secretData["CUSTOM_ARTIFACTORY_APIKEY"])) - } - - require.Empty(t, string(secretData["CUSTOM_ARTIFACTORY_USERNAME"])) - require.Empty(t, string(secretData["CUSTOM_ARTIFACTORY_PASSWORD"])) -} - -func VerifyCredentialsSecret(t *testing.T, yamlContent string, options *helm.Options) { - - var secretobj k8score.Secret - UnmarshalK8SYaml(t, yamlContent, &secretobj) - - require.Equal(t, secretobj.ObjectMeta.Name, getObjName(options, "-credentials-secret")) - secretData := secretobj.Data - require.Equal(t, "YOUR_JDBC_USERNAME", string(secretData["DB_USERNAME"])) - require.Equal(t, "YOUR_JDBC_PASSWORD", string(secretData["DB_PASSWORD"])) - require.Equal(t, "", string(secretData["CASSANDRA_TRUSTSTORE_PASSWORD"])) - require.Equal(t, "", string(secretData["CASSANDRA_KEYSTORE_PASSWORD"])) -} diff --git a/terratest/src/test/pega/pega-custom-artifactory-secret-with-apikey_test.go b/terratest/src/test/pega/pega-custom-artifactory-secret-with-apikey_test.go new file mode 100644 index 000000000..3f8a725ea --- /dev/null +++ b/terratest/src/test/pega/pega-custom-artifactory-secret-with-apikey_test.go 
@@ -0,0 +1,56 @@
+package pega
+
+import (
+ "fmt"
+ "path/filepath"
+ "testing"
+
+ "github.com/gruntwork-io/terratest/modules/helm"
+ "github.com/stretchr/testify/require"
+ k8score "k8s.io/api/core/v1"
+)
+
+const apiKeyHeaderName = "apiKeyHeaderName"
+const apiKeyHeaderValue = "apiKeyHeaderValue"
+
+func TestPegaCustomArtifactorySecretWithApiKey(t *testing.T) {
+ var supportedVendors = []string{"k8s", "openshift", "eks", "gke", "aks", "pks"}
+ var deploymentNames = []string{"pega", "myapp-dev"}
+ var supportedOperations = []string{"install", "upgrade", "install-deploy", "deploy", "upgrade-deploy"}
+
+ helmChartPath, err := filepath.Abs(PegaHelmChartPath)
+ require.NoError(t, err)
+
+ for _, vendor := range supportedVendors {
+
+ for _, operation := range supportedOperations {
+
+ for _, depName := range deploymentNames {
+ fmt.Println(vendor + "-" + operation)
+
+ var options = &helm.Options{
+ SetValues: map[string]string{
+ "global.deployment.name": depName,
+ "global.provider": vendor,
+ "global.actions.execute": operation,
+ "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation),
+ "global.customArtifactory.authentication.apiKey.headerName": apiKeyHeaderName,
+ "global.customArtifactory.authentication.apiKey.value": apiKeyHeaderValue,
+ },
+ }
+ yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-custom-artifactory-secret.yaml"})
+ verifyCustomArtifactorySecretApiKey(t, yamlContent)
+ }
+ }
+ }
+
+}
+
+func verifyCustomArtifactorySecretApiKey(t *testing.T, yamlContent string) {
+
+ var secretobj k8score.Secret
+ UnmarshalK8SYaml(t, yamlContent, &secretobj)
+ secretData := secretobj.Data
+ require.Equal(t, apiKeyHeaderName, string(secretData["CUSTOM_ARTIFACTORY_APIKEY_HEADER"]))
+ require.Equal(t, apiKeyHeaderValue, string(secretData["CUSTOM_ARTIFACTORY_APIKEY"]))
+}
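Review bot: `verifyCustomArtifactorySecretApiKey` asserts only the two API-key entries, so the test still passes if the template also renders basic-auth keys, and it never checks the Secret name even though the loop iterates over two deployment names. The removed credentials-secret tests asserted that the other credential type was absent; keeping that here takes two lines, `require.Empty(t, string(secretData["CUSTOM_ARTIFACTORY_USERNAME"]))` and `require.Empty(t, string(secretData["CUSTOM_ARTIFACTORY_PASSWORD"]))`. The basic-auth test in the next file has the mirror-image gap. Neither new file keeps the old negative cases (header name set with an empty value, password set with an empty username), which were the tests showing that partial credentials produce no data.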
diff --git a/terratest/src/test/pega/pega-custom-artifactory-secret-with-basic-auth_test.go b/terratest/src/test/pega/pega-custom-artifactory-secret-with-basic-auth_test.go
new file mode 100644
index 000000000..782f14c2a
--- /dev/null
+++ b/terratest/src/test/pega/pega-custom-artifactory-secret-with-basic-auth_test.go
@@ -0,0 +1,56 @@
+package pega
+
+import (
+ "fmt"
+ "path/filepath"
+ "testing"
+
+ "github.com/gruntwork-io/terratest/modules/helm"
+ "github.com/stretchr/testify/require"
+ k8score "k8s.io/api/core/v1"
+)
+
+const basicAuthUsername = "basicUsername"
+const basicAuthPassword = "basicPassword"
+
+func TestPegaCustomArtifactorySecretWithBasicAuth(t *testing.T) {
+ var supportedVendors = []string{"k8s", "openshift", "eks", "gke", "aks", "pks"}
+ var deploymentNames = []string{"pega", "myapp-dev"}
+ var supportedOperations = []string{"install", "upgrade", "install-deploy", "deploy", "upgrade-deploy"}
+
+ helmChartPath, err := filepath.Abs(PegaHelmChartPath)
+ require.NoError(t, err)
+
+ for _, vendor := range supportedVendors {
+
+ for _, operation := range supportedOperations {
+
+ for _, depName := range deploymentNames {
+ fmt.Println(vendor + "-" + operation)
+
+ var options = &helm.Options{
+ SetValues: map[string]string{
+ "global.deployment.name": depName,
+ "global.provider": vendor,
+ "global.actions.execute": operation,
+ "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation),
+ "global.customArtifactory.authentication.basic.username": basicAuthUsername,
+ "global.customArtifactory.authentication.basic.password": basicAuthPassword,
+ },
+ }
+ yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-custom-artifactory-secret.yaml"})
+ verifyCustomArtifactorySecret(t, yamlContent)
+ }
+ }
+ }
+
+}
+
+func verifyCustomArtifactorySecret(t *testing.T, yamlContent string) {
+
+ var secretobj k8score.Secret
+ UnmarshalK8SYaml(t, yamlContent, &secretobj)
+ secretData := secretobj.Data
+ require.Equal(t, basicAuthUsername, string(secretData["CUSTOM_ARTIFACTORY_USERNAME"]))
+ require.Equal(t, basicAuthPassword, string(secretData["CUSTOM_ARTIFACTORY_PASSWORD"]))
+}
diff --git a/terratest/src/test/pega/pega-custom-upgrade_test.go b/terratest/src/test/pega/pega-custom-upgrade_test.go
index 1a0a14cf7..f0dfd17b5 100644
--- a/terratest/src/test/pega/pega-custom-upgrade_test.go +++ b/terratest/src/test/pega/pega-custom-upgrade_test.go @@ -41,7 +41,6 @@ func TestPegaUpgradeJob(t *testing.T) { assertUpgradeJob(t, yamlSplit[1], pegaDbJob{"pega-db-custom-upgrade", []string{}, "pega-upgrade-environment-config", "pega-installer"}, options) - } } } @@ -58,8 +57,8 @@ func assertUpgradeJob(t *testing.T, jobYaml string, expectedJob pegaDbJob, optio var containerPort int32 = 8080 - require.Equal(t, jobSpec.Volumes[0].Name, "pega-volume-credentials") - require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.Sources[0].Secret.Name, getObjName(options, "-credentials-secret")) + require.Equal(t, jobSpec.Volumes[0].Name, "pega-installer-credentials-volume") + require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.Sources[0].Secret.Name, getObjName(options, "-db-secret")) require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.DefaultMode, volDefaultModePointer) require.Equal(t, jobSpec.Volumes[1].Name, "pega-volume-installer") 
@@ -67,15 +66,15 @@ func assertUpgradeJob(t *testing.T, jobYaml string, expectedJob pegaDbJob, optio require.Equal(t, jobSpec.Volumes[1].VolumeSource.ConfigMap.DefaultMode, volDefaultModePointer) - if(jobContainers[0].Name=="pega-db-upgrade-rules-migration" || jobContainers[0].Name=="pega-db-upgrade-rules-upgrade" || jobContainers[0].Name=="pega-db-upgrade-data-upgrade" ) { - require.Equal(t, jobContainers[0].Name, "pega-installer") + if jobContainers[0].Name == "pega-db-upgrade-rules-migration" || jobContainers[0].Name == "pega-db-upgrade-rules-upgrade" || jobContainers[0].Name == "pega-db-upgrade-data-upgrade" { + require.Equal(t, jobContainers[0].Name, "pega-installer") } require.Equal(t, "YOUR_INSTALLER_IMAGE:TAG", jobContainers[0].Image) require.Equal(t, jobContainers[0].Ports[0].ContainerPort, containerPort) require.Equal(t, jobContainers[0].VolumeMounts[0].Name, "pega-volume-installer") require.Equal(t, jobContainers[0].VolumeMounts[0].MountPath, "/opt/pega/config") - require.Equal(t, jobContainers[0].VolumeMounts[1].Name, "pega-volume-credentials") + require.Equal(t, jobContainers[0].VolumeMounts[1].Name, "pega-installer-credentials-volume") require.Equal(t, jobContainers[0].VolumeMounts[1].MountPath, "/opt/pega/secrets") require.Equal(t, jobContainers[0].EnvFrom[0].ConfigMapRef.LocalObjectReference.Name, expectedJob.configMapName) diff --git a/terratest/src/test/pega/pega-db-secret_test.go b/terratest/src/test/pega/pega-db-secret_test.go new file mode 100644 index 000000000..42375e2d4 --- /dev/null +++ b/terratest/src/test/pega/pega-db-secret_test.go 
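Review bot: The reformatted `if` still cannot pass when it is taken, because it is entered only when `jobContainers[0].Name` is one of the three `pega-db-upgrade-*` names and then requires that same name to equal `"pega-installer"`. The branch is therefore either dead or a guaranteed failure, and in practice the container name goes unchecked. If the container is always meant to be `pega-installer` (the last value in the `pegaDbJob` literal passed by the caller suggests so), replace the block with the unconditional `require.Equal(t, "pega-installer", jobContainers[0].Name)`. `assertUpgradeJob` begins above this hunk, so confirm against the rest of the function before changing it.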
@@ -0,0 +1,70 @@ +package pega + +import ( + "fmt" + "github.com/gruntwork-io/terratest/modules/helm" + "github.com/stretchr/testify/require" + k8score "k8s.io/api/core/v1" + "path/filepath" + "testing" +) + +func TestPegaDBSecret(t *testing.T) { + var supportedVendors = []string{"k8s", "openshift", "eks", "gke", "aks", "pks"} + var supportedOperations = []string{"install", "deploy", "install-deploy", "upgrade-deploy"} + var deploymentNames = []string{"pega", "myapp-dev"} + + helmChartPath, err := filepath.Abs(PegaHelmChartPath) + require.NoError(t, err) + + for _, vendor := range supportedVendors { + + for _, operation := range supportedOperations { + + for _, depName := range deploymentNames { + fmt.Println(vendor + "-" + operation) + + var options = &helm.Options{ + SetValues: map[string]string{ + "global.deployment.name": depName, + "global.provider": vendor, + "global.actions.execute": operation, + "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation), + }, + } + + yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-db-secret.yaml"}) + VerifyDBSecret(t, yamlContent) + } + } + } + + for _, vendor := range supportedVendors { + + for _, operation := range supportedOperations { + + fmt.Println(vendor + "-" + operation) + + var options = &helm.Options{ + SetValues: map[string]string{ + "global.provider": vendor, + "global.actions.execute": operation, + "installer.upgrade.upgradeType": "zero-downtime", + }, + } + + yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-db-secret.yaml"}) + VerifyDBSecret(t, yamlContent) + } + } + +} + +func VerifyDBSecret(t *testing.T, yamlContent string) { + + var secretobj k8score.Secret + UnmarshalK8SYaml(t, yamlContent, &secretobj) + secretData := secretobj.Data + require.Equal(t, string(secretData["DB_USERNAME"]), "YOUR_JDBC_USERNAME") + require.Equal(t, string(secretData["DB_PASSWORD"]), "YOUR_JDBC_PASSWORD") +} 
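Review bot: VerifyDBSecret in pega-db-secret_test.go checks only the two data keys, so iterating over `deploymentNames` adds runs but no coverage, because nothing asserted depends on `global.deployment.name`. The installer job tests in this commit expect the mounted secret to be named `getObjName(options, "-db-secret")`, so the rendered Secret presumably carries that name. Passing `options` into the helper and adding `require.Equal(t, getObjName(options, "-db-secret"), secretobj.Name)` would tie the template to the name the jobs mount. The `require.Equal` calls here also pass the actual value before the expected one, which swaps the labels in a failure message; testify's order is `require.Equal(t, "YOUR_JDBC_USERNAME", string(secretData["DB_USERNAME"]))`. The same applies to VerifyHazelcastSecretWhenHazelcastIsEnabled in pega-hz-secret_test.go.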
diff --git a/terratest/src/test/pega/pega-dds-secret_test.go b/terratest/src/test/pega/pega-dds-secret_test.go new file mode 100644 index 000000000..dcca346b8 --- /dev/null +++ b/terratest/src/test/pega/pega-dds-secret_test.go @@ -0,0 +1,58 @@ +package pega + +import ( + "fmt" + "path/filepath" + "testing" + + "github.com/gruntwork-io/terratest/modules/helm" + "github.com/stretchr/testify/require" + k8score "k8s.io/api/core/v1" +) + +const trustStorePassword = "trustStore" +const keyStorePassword = "keyStore" + +func TestPegaDDSSecretWithEncryptionPresent(t *testing.T) { + var supportedVendors = []string{"k8s", "openshift", "eks", "gke", "aks", "pks"} + var supportedOperations = []string{"install-deploy", "deploy", "upgrade-deploy"} + var deploymentNames = []string{"pega", "myapp-dev"} + + helmChartPath, err := filepath.Abs(PegaHelmChartPath) + require.NoError(t, err) + + for _, vendor := range supportedVendors { + + for _, operation := range supportedOperations { + + for _, depName := range deploymentNames { + fmt.Println(vendor + "-" + operation) + + var options = &helm.Options{ + SetValues: map[string]string{ + "global.deployment.name": depName, + "global.provider": vendor, + "global.actions.execute": operation, + "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation), + "dds.externalNodes": "123.45.60.00", + "dds.trustStorePassword": trustStorePassword, + "dds.keyStorePassword": keyStorePassword, + }, + } + + yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-dds-secret.yaml"}) + verifyDDSSecret(t, yamlContent) + } + } + } + +} + +func verifyDDSSecret(t *testing.T, yamlContent string) { + + var secretobj k8score.Secret + UnmarshalK8SYaml(t, yamlContent, &secretobj) + secretData := secretobj.Data + require.Equal(t, trustStorePassword, string(secretData["CASSANDRA_TRUSTSTORE_PASSWORD"])) + require.Equal(t, keyStorePassword, string(secretData["CASSANDRA_KEYSTORE_PASSWORD"])) +} 
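Review bot: `trustStorePassword` and `keyStorePassword` in pega-dds-secret_test.go are declared at package scope, so these generic names are visible to every test file in package `pega`. pega-stream-secret_test.go in this commit prefixes its own pair with `stream`, and its package-level `jaasConfig` is just as generic. pega-hz-secret_test.go instead declares its fixture credentials inside the test function and passes them to the verifier. Doing the same here, e.g. `verifyDDSSecret(t, yamlContent, trustStorePassword, keyStorePassword)`, keeps each fixture local to the test that uses it.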
diff --git a/terratest/src/test/pega/pega-diagnostic-secret_test.go b/terratest/src/test/pega/pega-diagnostic-secret_test.go new file mode 100644 index 000000000..6de4bdf66 --- /dev/null +++ b/terratest/src/test/pega/pega-diagnostic-secret_test.go @@ -0,0 +1,56 @@ +package pega + +import ( + "fmt" + "path/filepath" + "testing" + + "github.com/gruntwork-io/terratest/modules/helm" + "github.com/stretchr/testify/require" + k8score "k8s.io/api/core/v1" +) + +const diagnosticWebUser = "" +const diagnosticWebPassword = "" + +func TestPegaDiagnosticSecret(t *testing.T) { + var supportedVendors = []string{"k8s", "openshift", "eks", "gke", "aks", "pks"} + var supportedOperations = []string{"install-deploy", "deploy", "upgrade-deploy"} + var deploymentNames = []string{"pega", "myapp-dev"} + + helmChartPath, err := filepath.Abs(PegaHelmChartPath) + require.NoError(t, err) + + for _, vendor := range supportedVendors { + + for _, operation := range supportedOperations { + + for _, depName := range deploymentNames { + fmt.Println(vendor + "-" + operation) + + var options = &helm.Options{ + ValuesFiles: []string{"data/values_with_tier_diagnostic.yaml"}, + SetValues: map[string]string{ + "global.deployment.name": depName, + "global.provider": vendor, + "global.actions.execute": operation, + "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation), + }, + } + + yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-diagnostic-secret.yaml"}) + verifyDiagnosticSecret(t, yamlContent) + } + } + } + +} + +func verifyDiagnosticSecret(t *testing.T, yamlContent string) { + + var secretobj k8score.Secret + UnmarshalK8SYaml(t, yamlContent, &secretobj) + secretData := secretobj.Data + require.Equal(t, diagnosticWebUser, string(secretData["PEGA_DIAGNOSTIC_USER"])) + require.Equal(t, diagnosticWebPassword, string(secretData["PEGA_DIAGNOSTIC_PASSWORD"])) +} 
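Review bot: With `diagnosticWebUser` and `diagnosticWebPassword` both empty as shown, the two assertions in verifyDiagnosticSecret pass even when the rendered Secret has no such keys. Indexing `secretData` with a missing key yields a nil slice, and converting that to a string gives "". The test therefore cannot tell a working template from one that drops the diagnostic credentials or ignores data/values_with_tier_diagnostic.yaml. The constants should hold the values that file sets (not visible in this hunk), and the helper should check presence first, e.g. `val, ok := secretData["PEGA_DIAGNOSTIC_USER"]; require.True(t, ok)`, before comparing `string(val)`.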
diff --git a/terratest/src/test/pega/pega-environment-config_test.go b/terratest/src/test/pega/pega-environment-config_test.go index 6c5065d79..9d5b41890 100644 --- a/terratest/src/test/pega/pega-environment-config_test.go +++ b/terratest/src/test/pega/pega-environment-config_test.go 
@@ -38,63 +38,62 @@ func TestPegaEnvironmentConfig(t *testing.T) { } } - -func TestPegaEnvironmentConfigJDBCTimeouts(t * testing.T) { +func TestPegaEnvironmentConfigJDBCTimeouts(t *testing.T) { helmChartPath, err := filepath.Abs(PegaHelmChartPath) require.NoError(t, err) - var options = &helm.Options{ - SetValues: map[string]string{ - "global.provider": "k8s", - "global.actions.execute": "deploy", - }, - } + var options = &helm.Options{ + SetValues: map[string]string{ + "global.provider": "k8s", + "global.actions.execute": "deploy", + }, + } - yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-environment-config.yaml"}) + yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-environment-config.yaml"}) - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES", "") - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RW", "") - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RO", "") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES", "") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RW", "") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RO", "") - options.SetValues["global.jdbc.connectionTimeoutProperties"] = "socketTimeout=90;" - yamlContent = RenderTemplate(t, options, helmChartPath, []string{"templates/pega-environment-config.yaml"}) + options.SetValues["global.jdbc.connectionTimeoutProperties"] = "socketTimeout=90;" + yamlContent = RenderTemplate(t, options, helmChartPath, []string{"templates/pega-environment-config.yaml"}) - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES", "socketTimeout=90;") - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RW", "") - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RO", "") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES", "socketTimeout=90;") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RW", "") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RO", "") - 
options.SetValues["global.jdbc.writerConnectionTimeoutProperties"] = "socketTimeout=120;" - yamlContent = RenderTemplate(t, options, helmChartPath, []string{"templates/pega-environment-config.yaml"}) + options.SetValues["global.jdbc.writerConnectionTimeoutProperties"] = "socketTimeout=120;" + yamlContent = RenderTemplate(t, options, helmChartPath, []string{"templates/pega-environment-config.yaml"}) - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES", "socketTimeout=90;") - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RW", "socketTimeout=120;") - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RO", "") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES", "socketTimeout=90;") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RW", "socketTimeout=120;") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RO", "") - options.SetValues["global.jdbc.readerConnectionTimeoutProperties"] = "socketTimeout=150;" - yamlContent = RenderTemplate(t, options, helmChartPath, []string{"templates/pega-environment-config.yaml"}) + options.SetValues["global.jdbc.readerConnectionTimeoutProperties"] = "socketTimeout=150;" + yamlContent = RenderTemplate(t, options, helmChartPath, []string{"templates/pega-environment-config.yaml"}) - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES", "socketTimeout=90;") - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RW", "socketTimeout=120;") - VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RO", "socketTimeout=150;") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES", "socketTimeout=90;") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RW", "socketTimeout=120;") + VerifyEnvValue(t, yamlContent, "JDBC_TIMEOUT_PROPERTIES_RO", "socketTimeout=150;") } func VerifyEnvNotPresent(t *testing.T, yamlContent string, entry string) { - var envConfigMap k8score.ConfigMap - UnmarshalK8SYaml(t, yamlContent, &envConfigMap) - envConfigData := envConfigMap.Data + var envConfigMap 
k8score.ConfigMap + UnmarshalK8SYaml(t, yamlContent, &envConfigMap) + envConfigData := envConfigMap.Data - _, previouslySet := envConfigData[entry] - require.Equal(t, false, previouslySet) + _, previouslySet := envConfigData[entry] + require.Equal(t, false, previouslySet) } func VerifyEnvValue(t *testing.T, yamlContent string, entry string, value string) { - var envConfigMap k8score.ConfigMap - UnmarshalK8SYaml(t, yamlContent, &envConfigMap) - envConfigData := envConfigMap.Data + var envConfigMap k8score.ConfigMap + UnmarshalK8SYaml(t, yamlContent, &envConfigMap) + envConfigData := envConfigMap.Data - val, previouslySet := envConfigData[entry] - require.Equal(t, true, previouslySet) - require.Equal(t, value, val) + val, previouslySet := envConfigData[entry] + require.Equal(t, true, previouslySet) + require.Equal(t, value, val) } func VerifyEnvironmentConfig(t *testing.T, yamlContent string, options *helm.Options) { diff --git a/terratest/src/test/pega/pega-hz-deployment_test.go b/terratest/src/test/pega/pega-hz-deployment_test.go index 0ce3a3e01..43501dc6b 100644 --- a/terratest/src/test/pega/pega-hz-deployment_test.go +++ b/terratest/src/test/pega/pega-hz-deployment_test.go @@ -53,7 +53,7 @@ func VerifyHazelcastDeployment(t *testing.T, yamlContent string) { require.Equal(t, "1Gi", statefulsetSpec.Containers[0].Resources.Requests.Memory().String()) require.Equal(t, statefulsetSpec.Volumes[0].Name, "logs") require.Equal(t, statefulsetSpec.Volumes[1].Name, "hazelcast-volume-credentials") - require.Equal(t, statefulsetSpec.Volumes[1].Projected.Sources[0].Secret.Name, "pega-credentials-secret") + require.Equal(t, statefulsetSpec.Volumes[1].Projected.Sources[0].Secret.Name, "pega-hz-secret") require.Equal(t, statefulsetSpec.Containers[0].VolumeMounts[0].Name, "logs") require.Equal(t, statefulsetSpec.Containers[0].VolumeMounts[0].MountPath, "/opt/hazelcast/logs") require.Equal(t, statefulsetSpec.Containers[0].VolumeMounts[1].Name, "hazelcast-volume-credentials") 
diff --git a/terratest/src/test/pega/pega-hz-deployment_test_with_externalsecrets_test.go b/terratest/src/test/pega/pega-hz-deployment_test_with_externalsecrets_test.go index 85be1664b..0b68bd6fe 100644 --- a/terratest/src/test/pega/pega-hz-deployment_test_with_externalsecrets_test.go +++ b/terratest/src/test/pega/pega-hz-deployment_test_with_externalsecrets_test.go @@ -54,9 +54,7 @@ func VerifyHazelcastDeploymentWithExternalsecrets(t *testing.T, yamlContent stri require.Equal(t, "1Gi", statefulsetSpec.Containers[0].Resources.Requests.Memory().String()) require.Equal(t, statefulsetSpec.Volumes[0].Name, "logs") require.Equal(t, statefulsetSpec.Volumes[1].Name, "hazelcast-volume-credentials") - require.Equal(t, statefulsetSpec.Volumes[1].Projected.Sources[0].Secret.Name, "pega-credentials-secret") - require.Equal(t, statefulsetSpec.Volumes[1].Projected.Sources[1].Secret.Name, "hazelcast-secret") - require.Equal(t, statefulsetSpec.Volumes[1].Projected.Sources[2].Secret.Name, "customArtifactory-secret") + require.Equal(t, statefulsetSpec.Volumes[1].Projected.Sources[0].Secret.Name, "hazelcast-secret") require.Equal(t, statefulsetSpec.Containers[0].VolumeMounts[0].Name, "logs") require.Equal(t, statefulsetSpec.Containers[0].VolumeMounts[0].MountPath, "/opt/hazelcast/logs") require.Equal(t, statefulsetSpec.Containers[0].VolumeMounts[1].Name, "hazelcast-volume-credentials") diff --git a/terratest/src/test/pega/pega-hz-secret_test.go b/terratest/src/test/pega/pega-hz-secret_test.go new file mode 100644 index 000000000..5fb1df54a --- /dev/null +++ b/terratest/src/test/pega/pega-hz-secret_test.go 
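Review bot: In VerifyHazelcastDeploymentWithExternalsecrets the only remaining check on the projected credentials is `Sources[0]`, so a chart-generated secret projected next to the external one would go unnoticed. The removal of the other two assertions suggests the Hazelcast volume is now meant to carry only the external secret. If so, pin that with `require.Len(t, statefulsetSpec.Volumes[1].Projected.Sources, 1)` ahead of the name check. The function body starts and ends outside this hunk.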
@@ -0,0 +1,81 @@ +package pega + +import ( + "fmt" + "github.com/gruntwork-io/terratest/modules/helm" + "github.com/stretchr/testify/require" + k8score "k8s.io/api/core/v1" + "path/filepath" + "testing" +) + +func TestPegaHazelcastSecretWhenHazelcastIsEnabled(t *testing.T) { + var supportedVendors = []string{"k8s", "openshift", "eks", "gke", "aks", "pks"} + const HzCsAuthUsername = "HZClusterUser" + const HzCsAuthPassword = "HZclusterPassword" + var supportedOperations = []string{"deploy", "install-deploy", "upgrade-deploy"} + var deploymentNames = []string{"pega", "myapp-dev"} + + helmChartPath, err := filepath.Abs(PegaHelmChartPath) + require.NoError(t, err) + + for _, vendor := range supportedVendors { + + for _, operation := range supportedOperations { + + for _, depName := range deploymentNames { + fmt.Println(vendor + "-" + operation) + + var options = &helm.Options{ + SetValues: map[string]string{ + "global.deployment.name": depName, + "global.provider": vendor, + "global.actions.execute": operation, + "installer.upgrade.upgradeType": "zero-downtime", + "hazelcast.enabled": "true", + "hazelcast.migration.embeddedToCSMigration": "false", + "hazelcast.username": HzCsAuthUsername, + "hazelcast.password": HzCsAuthPassword, + }, + } + + yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-hz-secret.yaml"}) + VerifyHazelcastSecretWhenHazelcastIsEnabled(t, yamlContent, HzCsAuthUsername, HzCsAuthPassword) + } + } + } + + for _, vendor := range supportedVendors { + + for _, operation := range supportedOperations { + + fmt.Println(vendor + "-" + operation) + + var options = &helm.Options{ + SetValues: map[string]string{ + "global.provider": vendor, + "global.actions.execute": operation, + "installer.upgrade.upgradeType": "zero-downtime", + "hazelcast.enabled": "false", + "hazelcast.clusteringServiceEnabled": "true", + "hazelcast.migration.embeddedToCSMigration": "false", + "hazelcast.username": HzCsAuthUsername, + "hazelcast.password": 
HzCsAuthPassword, + }, + } + + yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-hz-secret.yaml"}) + VerifyHazelcastSecretWhenHazelcastIsEnabled(t, yamlContent, HzCsAuthUsername, HzCsAuthPassword) + } + } + +} + +func VerifyHazelcastSecretWhenHazelcastIsEnabled(t *testing.T, yamlContent string, username string, password string) { + + var secretobj k8score.Secret + UnmarshalK8SYaml(t, yamlContent, &secretobj) + secretData := secretobj.Data + require.Equal(t, string(secretData["HZ_CS_AUTH_USERNAME"]), username) + require.Equal(t, string(secretData["HZ_CS_AUTH_PASSWORD"]), password) +} diff --git a/terratest/src/test/pega/pega-installer-config-connprops_test.go b/terratest/src/test/pega/pega-installer-config-connprops_test.go index 7835b7027..fd2b929c8 100644 --- a/terratest/src/test/pega/pega-installer-config-connprops_test.go +++ b/terratest/src/test/pega/pega-installer-config-connprops_test.go @@ -23,7 +23,7 @@ func TestPegaInstallerConnectionPropsConfig(t *testing.T) { for _, vendor := range supportedVendors { for _, operation := range supportedOperations { for _, dbPlatform := range supportedDbs { - for _, dataSchema := range dataSchemas{ + for _, dataSchema := range dataSchemas { var options = &helm.Options{ SetValues: map[string]string{ "global.provider": vendor, @@ -36,11 +36,11 @@ func TestPegaInstallerConnectionPropsConfig(t *testing.T) { "installer.upgrade.upgradeType": "zero-downtime", }, } - + yamlContent := RenderTemplate(t, options, helmChartPath, []string{"charts/installer/templates/pega-installer-config.yaml"}) assertInstallerConnectionPropsConfig(t, yamlContent, dbPlatform, dataSchema) } - + } } } 
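Review bot: In pega-hz-secret_test.go the test and its helper are both named "WhenHazelcastIsEnabled", but the second loop sets `hazelcast.enabled` to "false" and relies on `hazelcast.clusteringServiceEnabled` instead. A comment above that loop would make the second scenario explicit, for example `// Clustering-service mode: hazelcast.enabled is false but the secret must still be rendered.` Running the two loops as separately named `t.Run` subtests would also show which mode failed. No case here covers both flags being off; if the template is expected to render nothing then, that expectation is currently untested.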
@@ -57,7 +57,7 @@ func assertInstallerConnectionPropsConfig(t *testing.T, configYaml string, dbPla compareConfigMapData(t, installConfigData["migrateSystem.properties.tmpl"], "data/expectedMigrateSystem.properties.tmpl") compareConfigMapData(t, installConfigData["prlog4j2.xml"], "data/expectedPRlog4j2.xml") compareConfigMapData(t, installConfigData["prpcUtils.properties.tmpl"], "data/expectedPRPCUtils.properties.tmpl") - if (dbPlatform == "db2zos" || dbPlatform == "udb") && dataSchema == ""{ + if (dbPlatform == "db2zos" || dbPlatform == "udb") && dataSchema == "" { compareConfigMapData(t, installConfigData[fmt.Sprintf("%s.conf", dbPlatform)], fmt.Sprintf("data/expected%ssingleschema.conf", dbPlatform)) } else { compareConfigMapData(t, installConfigData[fmt.Sprintf("%s.conf", dbPlatform)], fmt.Sprintf("data/expected%s.conf", dbPlatform)) diff --git a/terratest/src/test/pega/pega-installer-job_test.go b/terratest/src/test/pega/pega-installer-job_test.go index a4d485f8a..73dd54ff7 100644 --- a/terratest/src/test/pega/pega-installer-job_test.go +++ b/terratest/src/test/pega/pega-installer-job_test.go @@ -112,8 +112,8 @@ func assertJob(t *testing.T, jobYaml string, expectedJob pegaDbJob, options *hel var containerPort int32 = 8080 - require.Equal(t, jobSpec.Volumes[0].Name, "pega-volume-credentials") - require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.Sources[0].Secret.Name, getObjName(options, "-credentials-secret")) + require.Equal(t, jobSpec.Volumes[0].Name, "pega-installer-credentials-volume") + require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.Sources[0].Secret.Name, getObjName(options, "-db-secret")) require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.DefaultMode, volDefaultModePointer) require.Equal(t, jobSpec.Volumes[1].Name, "pega-volume-installer") if jobSpec.Volumes[1].VolumeSource.ConfigMap.LocalObjectReference.Name == "pega-install-config" { 
@@ -131,7 +131,7 @@ func assertJob(t *testing.T, jobYaml string, expectedJob pegaDbJob, options *hel require.Equal(t, jobContainers[0].Ports[0].ContainerPort, containerPort) require.Equal(t, jobContainers[0].VolumeMounts[0].Name, "pega-volume-installer") require.Equal(t, jobContainers[0].VolumeMounts[0].MountPath, "/opt/pega/config") - require.Equal(t, jobContainers[0].VolumeMounts[1].Name, "pega-volume-credentials") + require.Equal(t, jobContainers[0].VolumeMounts[1].Name, "pega-installer-credentials-volume") require.Equal(t, jobContainers[0].VolumeMounts[1].MountPath, "/opt/pega/secrets") require.Equal(t, jobContainers[0].EnvFrom[0].ConfigMapRef.LocalObjectReference.Name, expectedJob.configMapName) diff --git a/terratest/src/test/pega/pega-stream-secret_test.go b/terratest/src/test/pega/pega-stream-secret_test.go new file mode 100644 index 000000000..6ab383e2e --- /dev/null +++ b/terratest/src/test/pega/pega-stream-secret_test.go 
@@ -0,0 +1,60 @@ +package pega + +import ( + "fmt" + "path/filepath" + "testing" + + "github.com/gruntwork-io/terratest/modules/helm" + "github.com/stretchr/testify/require" + k8score "k8s.io/api/core/v1" +) + +const streamTrustStorePassword = "trustStore" +const streamKeyStorePassword = "keyStore" +const jaasConfig = "jaasConfig" + +func TestPegaCredentialsSecretWithExternalStreamArePresent(t *testing.T) { + var supportedVendors = []string{"k8s", "openshift", "eks", "gke", "aks", "pks"} + var supportedOperations = []string{"install-deploy", "deploy", "upgrade-deploy"} + var deploymentNames = []string{"pega", "myapp-dev"} + + helmChartPath, err := filepath.Abs(PegaHelmChartPath) + require.NoError(t, err) + + for _, vendor := range supportedVendors { + + for _, operation := range supportedOperations { + + for _, depName := range deploymentNames { + fmt.Println(vendor + "-" + operation) + + var options = &helm.Options{ + SetValues: map[string]string{ + "global.deployment.name": depName, + "global.provider": vendor, + "global.actions.execute": operation, + "installer.upgrade.upgradeType": getUpgradeTypeForUpgradeAction(operation), + "stream.trustStorePassword": streamTrustStorePassword, + "stream.keyStorePassword": streamKeyStorePassword, + "stream.jaasConfig": jaasConfig, + }, + } + + yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-stream-secret.yaml"}) + verifyStreamCredentialsSecret(t, yamlContent, operation) + } + } + } + +} + +func verifyStreamCredentialsSecret(t *testing.T, yamlContent string, operation string) { + + var secretobj k8score.Secret + UnmarshalK8SYaml(t, yamlContent, &secretobj) + secretData := secretobj.Data + require.Equal(t, streamTrustStorePassword, string(secretData["STREAM_TRUSTSTORE_PASSWORD"])) + require.Equal(t, streamKeyStorePassword, string(secretData["STREAM_KEYSTORE_PASSWORD"])) + require.Equal(t, jaasConfig, string(secretData["STREAM_JAAS_CONFIG"])) +} 
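Review bot: verifyStreamCredentialsSecret in pega-stream-secret_test.go takes `operation` but never reads it. Either drop the parameter (`func verifyStreamCredentialsSecret(t *testing.T, yamlContent string)`) or use it in a failure message. The test name TestPegaCredentialsSecretWithExternalStreamArePresent still refers to the removed credentials secret, while the template under test is templates/pega-stream-secret.yaml. A name such as `TestPegaStreamSecret` would match the sibling tests added in this commit.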
diff --git a/terratest/src/test/pega/pega-tier-deployment-with-external-secret-credentials_test.go b/terratest/src/test/pega/pega-tier-deployment-with-external-secret-credentials_test.go index 9ed73a7d5..99880cd07 100644 --- a/terratest/src/test/pega/pega-tier-deployment-with-external-secret-credentials_test.go +++ b/terratest/src/test/pega/pega-tier-deployment-with-external-secret-credentials_test.go @@ -47,12 +47,13 @@ func assertCredentialVolumeAndMount(t *testing.T, tierYaml string, options *helm if vol.Name == "pega-volume-credentials" { sources := vol.VolumeSource.Projected.Sources fmt.Println(sources[0].Secret.LocalObjectReference.Name) - require.Equal(t, len(sources), 5) - require.Equal(t, sources[0].Secret.LocalObjectReference.Name, "pega-credentials-secret") + require.Equal(t, len(sources), 6) + require.Equal(t, sources[0].Secret.LocalObjectReference.Name, "db-secret") require.Equal(t, sources[1].Secret.LocalObjectReference.Name, "hazelcast-secret") - require.Equal(t, sources[2].Secret.LocalObjectReference.Name, "customArtifactory-secret") + require.Equal(t, sources[2].Secret.LocalObjectReference.Name, "kafka-secret") require.Equal(t, sources[3].Secret.LocalObjectReference.Name, "dds-secret") - require.Equal(t, sources[4].Secret.LocalObjectReference.Name, "kafka-secret") + require.Equal(t, sources[4].Secret.LocalObjectReference.Name, "customArtifactory-secret") + require.Equal(t, sources[5].Secret.LocalObjectReference.Name, "pega-diagnostic-secret") foundVol = true break } diff --git a/terratest/src/test/pega/pega-tier-deployment_test.go b/terratest/src/test/pega/pega-tier-deployment_test.go index 536591e4f..5fde1ae94 100644 --- a/terratest/src/test/pega/pega-tier-deployment_test.go +++ b/terratest/src/test/pega/pega-tier-deployment_test.go 
@@ -38,7 +38,7 @@ func TestPegaTierDeployment(t *testing.T) { "global.actions.execute": operation, "global.deployment.name": depName, "installer.upgrade.upgradeType": "zero-downtime", - "global.storageClassName": "storage-class", + "global.storageClassName": "storage-class", }, } @@ -157,7 +157,6 @@ func VerifyDeployment(t *testing.T, pod *k8score.PodSpec, expectedSpec pegaDeplo require.Equal(t, expectedSpec.name, pod.Volumes[0].VolumeSource.ConfigMap.LocalObjectReference.Name) require.Equal(t, volumeDefaultModePtr, pod.Volumes[0].VolumeSource.ConfigMap.DefaultMode) require.Equal(t, "pega-volume-credentials", pod.Volumes[1].Name) - require.Equal(t, getObjName(options, "-credentials-secret"), pod.Volumes[1].VolumeSource.Projected.Sources[0].Secret.Name) require.Equal(t, volumeDefaultModePtr, pod.Volumes[1].VolumeSource.Projected.DefaultMode) actualInitContainers := pod.InitContainers @@ -248,7 +247,6 @@ func VerifyDeployment(t *testing.T, pod *k8score.PodSpec, expectedSpec pegaDeplo require.Equal(t, "/opt/pega/config", pod.Containers[0].VolumeMounts[0].MountPath) require.Equal(t, "pega-volume-config", pod.Volumes[0].Name) require.Equal(t, "pega-volume-credentials", pod.Volumes[1].Name) - require.Equal(t, getObjName(options, "-credentials-secret"), pod.Volumes[1].Projected.Sources[0].Secret.Name) } diff --git a/terratest/src/test/pega/pega-tier-service-with-servicetype_test.go b/terratest/src/test/pega/pega-tier-service-with-servicetype_test.go index 3574698c3..72677f863 100644 --- a/terratest/src/test/pega/pega-tier-service-with-servicetype_test.go +++ b/terratest/src/test/pega/pega-tier-service-with-servicetype_test.go 
@@ -26,9 +26,9 @@ func TestPegaServiceWithServiceType(t *testing.T) { var options = &helm.Options{ ValuesFiles: []string{"data/values_with_servicetype.yaml"}, SetValues: map[string]string{ - "global.deployment.name": depName, - "global.provider": vendor, - "global.actions.execute": operation, + "global.deployment.name": depName, + "global.provider": vendor, + "global.actions.execute": operation, }, } yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-tier-service.yaml"}) @@ -36,10 +36,8 @@ func TestPegaServiceWithServiceType(t *testing.T) { var pegaServiceObj k8score.Service UnmarshalK8SYaml(t, serviceyamlContent[1], &pegaServiceObj) serviceType := pegaServiceObj.Spec.Type - require.Equal(t, k8score.ServiceType("LoadBalancer"), serviceType ) + require.Equal(t, k8score.ServiceType("LoadBalancer"), serviceType) } - } + } } } - -