Skip to content

Commit de1eb7f

Browse files
ansgarschulteansgarschulte
committed
test: e2e test insecureSkipVerify and self signed certificates via helm
1 parent 7e7b506 commit de1eb7f

File tree

7 files changed

+429
-103
lines changed

7 files changed

+429
-103
lines changed

charts/steadybit-extension-splunk-platform/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
apiVersion: v2
22
name: steadybit-extension-splunk-platform
33
description: Steadybit Splunk Cloud Platform and Splunk Enterprise extension Helm chart for Kubernetes.
4-
version: 1.0.2
4+
version: 1.0.3
55
appVersion: v1.0.0
66
home: https://www.steadybit.com/
77
icon: https://steadybit-website-assets.s3.amazonaws.com/logo-symbol-transparent.png

charts/steadybit-extension-splunk-platform/tests/__snapshot__/deployment_test.yaml.snap

Lines changed: 196 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,8 @@ manifest should match snapshot using podAnnotations and Labels:
3838
secretKeyRef:
3939
key: api-base-url
4040
name: steadybit-extension-splunk-platform
41+
- name: STEADYBIT_EXTENSION_INSECURE_SKIP_VERIFY
42+
value: "false"
4143
- name: STEADYBIT_LOG_LEVEL
4244
value: INFO
4345
- name: STEADYBIT_LOG_FORMAT
@@ -121,6 +123,8 @@ manifest should match snapshot with TLS:
121123
secretKeyRef:
122124
key: api-base-url
123125
name: steadybit-extension-splunk-platform
126+
- name: STEADYBIT_EXTENSION_INSECURE_SKIP_VERIFY
127+
value: "false"
124128
- name: STEADYBIT_LOG_LEVEL
125129
value: INFO
126130
- name: STEADYBIT_LOG_FORMAT
@@ -177,6 +181,99 @@ manifest should match snapshot with TLS:
177181
secret:
178182
optional: false
179183
secretName: server-cert
184+
manifest should match snapshot with custom certificates mounted:
185+
1: |
186+
apiVersion: apps/v1
187+
kind: Deployment
188+
metadata:
189+
labels:
190+
steadybit.com/discovery-disabled: "true"
191+
steadybit.com/extension: "true"
192+
name: RELEASE-NAME-steadybit-extension-splunk-platform
193+
namespace: NAMESPACE
194+
spec:
195+
replicas: 1
196+
selector:
197+
matchLabels:
198+
app.kubernetes.io/instance: RELEASE-NAME
199+
app.kubernetes.io/name: steadybit-extension-splunk-platform
200+
template:
201+
metadata:
202+
annotations:
203+
oneagent.dynatrace.com/injection: "false"
204+
labels:
205+
app.kubernetes.io/instance: RELEASE-NAME
206+
app.kubernetes.io/name: steadybit-extension-splunk-platform
207+
steadybit.com/discovery-disabled: "true"
208+
steadybit.com/extension: "true"
209+
spec:
210+
containers:
211+
- env:
212+
- name: STEADYBIT_EXTENSION_ACCESS_TOKEN
213+
valueFrom:
214+
secretKeyRef:
215+
key: access-token
216+
name: steadybit-extension-splunk-platform
217+
- name: STEADYBIT_EXTENSION_API_BASE_URL
218+
valueFrom:
219+
secretKeyRef:
220+
key: api-base-url
221+
name: steadybit-extension-splunk-platform
222+
- name: STEADYBIT_EXTENSION_INSECURE_SKIP_VERIFY
223+
value: "false"
224+
- name: STEADYBIT_LOG_LEVEL
225+
value: INFO
226+
- name: STEADYBIT_LOG_FORMAT
227+
value: text
228+
- name: SSL_CERT_DIR
229+
value: /etc/ssl/extra-certs:/etc/ssl/certs
230+
image: ghcr.io/steadybit/extension-splunk-platform:v0.0.0
231+
imagePullPolicy: IfNotPresent
232+
livenessProbe:
233+
failureThreshold: 5
234+
httpGet:
235+
path: /health/liveness
236+
port: 8084
237+
initialDelaySeconds: 10
238+
periodSeconds: 10
239+
successThreshold: 1
240+
timeoutSeconds: 5
241+
name: extension
242+
readinessProbe:
243+
failureThreshold: 3
244+
httpGet:
245+
path: /health/readiness
246+
port: 8084
247+
initialDelaySeconds: 10
248+
periodSeconds: 10
249+
successThreshold: 1
250+
timeoutSeconds: 1
251+
resources:
252+
limits:
253+
cpu: 200m
254+
memory: 32Mi
255+
requests:
256+
cpu: 50m
257+
memory: 16Mi
258+
securityContext:
259+
allowPrivilegeEscalation: false
260+
capabilities:
261+
drop:
262+
- ALL
263+
readOnlyRootFilesystem: true
264+
volumeMounts:
265+
- mountPath: /etc/ssl/extra-certs
266+
name: extra-certs
267+
readOnly: true
268+
securityContext:
269+
runAsNonRoot: true
270+
seccompProfile:
271+
type: RuntimeDefault
272+
serviceAccountName: steadybit-extension-splunk-platform
273+
volumes:
274+
- configMap:
275+
name: splunk-self-signed-ca
276+
name: extra-certs
180277
manifest should match snapshot with extra env vars:
181278
1: |
182279
apiVersion: apps/v1
@@ -215,6 +312,8 @@ manifest should match snapshot with extra env vars:
215312
secretKeyRef:
216313
key: api-base-url
217314
name: steadybit-extension-splunk-platform
315+
- name: STEADYBIT_EXTENSION_INSECURE_SKIP_VERIFY
316+
value: "false"
218317
- name: STEADYBIT_LOG_LEVEL
219318
value: INFO
220319
- name: STEADYBIT_LOG_FORMAT
@@ -307,6 +406,93 @@ manifest should match snapshot with extra labels:
307406
secretKeyRef:
308407
key: api-base-url
309408
name: steadybit-extension-splunk-platform
409+
- name: STEADYBIT_EXTENSION_INSECURE_SKIP_VERIFY
410+
value: "false"
411+
- name: STEADYBIT_LOG_LEVEL
412+
value: INFO
413+
- name: STEADYBIT_LOG_FORMAT
414+
value: text
415+
image: ghcr.io/steadybit/extension-splunk-platform:v0.0.0
416+
imagePullPolicy: IfNotPresent
417+
livenessProbe:
418+
failureThreshold: 5
419+
httpGet:
420+
path: /health/liveness
421+
port: 8084
422+
initialDelaySeconds: 10
423+
periodSeconds: 10
424+
successThreshold: 1
425+
timeoutSeconds: 5
426+
name: extension
427+
readinessProbe:
428+
failureThreshold: 3
429+
httpGet:
430+
path: /health/readiness
431+
port: 8084
432+
initialDelaySeconds: 10
433+
periodSeconds: 10
434+
successThreshold: 1
435+
timeoutSeconds: 1
436+
resources:
437+
limits:
438+
cpu: 200m
439+
memory: 32Mi
440+
requests:
441+
cpu: 50m
442+
memory: 16Mi
443+
securityContext:
444+
allowPrivilegeEscalation: false
445+
capabilities:
446+
drop:
447+
- ALL
448+
readOnlyRootFilesystem: true
449+
volumeMounts: null
450+
securityContext:
451+
runAsNonRoot: true
452+
seccompProfile:
453+
type: RuntimeDefault
454+
serviceAccountName: steadybit-extension-splunk-platform
455+
volumes: null
456+
manifest should match snapshot with insecureSkipVerify enabled:
457+
1: |
458+
apiVersion: apps/v1
459+
kind: Deployment
460+
metadata:
461+
labels:
462+
steadybit.com/discovery-disabled: "true"
463+
steadybit.com/extension: "true"
464+
name: RELEASE-NAME-steadybit-extension-splunk-platform
465+
namespace: NAMESPACE
466+
spec:
467+
replicas: 1
468+
selector:
469+
matchLabels:
470+
app.kubernetes.io/instance: RELEASE-NAME
471+
app.kubernetes.io/name: steadybit-extension-splunk-platform
472+
template:
473+
metadata:
474+
annotations:
475+
oneagent.dynatrace.com/injection: "false"
476+
labels:
477+
app.kubernetes.io/instance: RELEASE-NAME
478+
app.kubernetes.io/name: steadybit-extension-splunk-platform
479+
steadybit.com/discovery-disabled: "true"
480+
steadybit.com/extension: "true"
481+
spec:
482+
containers:
483+
- env:
484+
- name: STEADYBIT_EXTENSION_ACCESS_TOKEN
485+
valueFrom:
486+
secretKeyRef:
487+
key: access-token
488+
name: steadybit-extension-splunk-platform
489+
- name: STEADYBIT_EXTENSION_API_BASE_URL
490+
valueFrom:
491+
secretKeyRef:
492+
key: api-base-url
493+
name: steadybit-extension-splunk-platform
494+
- name: STEADYBIT_EXTENSION_INSECURE_SKIP_VERIFY
495+
value: "true"
310496
- name: STEADYBIT_LOG_LEVEL
311497
value: INFO
312498
- name: STEADYBIT_LOG_FORMAT
@@ -390,6 +576,8 @@ manifest should match snapshot with mutual TLS:
390576
secretKeyRef:
391577
key: api-base-url
392578
name: steadybit-extension-splunk-platform
579+
- name: STEADYBIT_EXTENSION_INSECURE_SKIP_VERIFY
580+
value: "false"
393581
- name: STEADYBIT_LOG_LEVEL
394582
value: INFO
395583
- name: STEADYBIT_LOG_FORMAT
@@ -493,6 +681,8 @@ manifest should match snapshot with mutual TLS using containerPaths:
493681
secretKeyRef:
494682
key: api-base-url
495683
name: steadybit-extension-splunk-platform
684+
- name: STEADYBIT_EXTENSION_INSECURE_SKIP_VERIFY
685+
value: "false"
496686
- name: STEADYBIT_LOG_LEVEL
497687
value: INFO
498688
- name: STEADYBIT_LOG_FORMAT
@@ -582,6 +772,8 @@ manifest should match snapshot with podSecurityContext:
582772
secretKeyRef:
583773
key: api-base-url
584774
name: steadybit-extension-splunk-platform
775+
- name: STEADYBIT_EXTENSION_INSECURE_SKIP_VERIFY
776+
value: "false"
585777
- name: STEADYBIT_LOG_LEVEL
586778
value: INFO
587779
- name: STEADYBIT_LOG_FORMAT
@@ -666,6 +858,8 @@ manifest should match snapshot with priority class:
666858
secretKeyRef:
667859
key: api-base-url
668860
name: steadybit-extension-splunk-platform
861+
- name: STEADYBIT_EXTENSION_INSECURE_SKIP_VERIFY
862+
value: "false"
669863
- name: STEADYBIT_LOG_LEVEL
670864
value: INFO
671865
- name: STEADYBIT_LOG_FORMAT
@@ -750,6 +944,8 @@ manifest should match snapshot without TLS:
750944
secretKeyRef:
751945
key: api-base-url
752946
name: steadybit-extension-splunk-platform
947+
- name: STEADYBIT_EXTENSION_INSECURE_SKIP_VERIFY
948+
value: "false"
753949
- name: STEADYBIT_LOG_LEVEL
754950
value: INFO
755951
- name: STEADYBIT_LOG_FORMAT

charts/steadybit-extension-splunk-platform/tests/deployment_test.yaml

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,3 +80,26 @@ tests:
8080
priorityClassName: my-priority-class
8181
asserts:
8282
- matchSnapshot: {}
83+
84+
- it: manifest should match snapshot with insecureSkipVerify enabled
85+
set:
86+
splunk:
87+
insecureSkipVerify: true
88+
asserts:
89+
- matchSnapshot: {}
90+
91+
- it: manifest should match snapshot with custom certificates mounted
92+
set:
93+
extraVolumeMounts:
94+
- name: extra-certs
95+
mountPath: /etc/ssl/extra-certs
96+
readOnly: true
97+
extraVolumes:
98+
- name: extra-certs
99+
configMap:
100+
name: splunk-self-signed-ca
101+
extraEnv:
102+
- name: SSL_CERT_DIR
103+
value: /etc/ssl/extra-certs:/etc/ssl/certs
104+
asserts:
105+
- matchSnapshot: {}

e2e/cert_generator_test.go

Lines changed: 0 additions & 69 deletions
This file was deleted.

0 commit comments

Comments
 (0)