# frozen_string_literal: true
require_relative '../../test_helper'
class Test < ChartTest
@@chart = Chart.new('charts/library/common-test')
describe @@chart.name do
describe 'initContainer::permissions' do
it 'initContainer exists by default' do
  # No values are overridden here: the rendered Deployment is expected to
  # carry an init container in the first slot of its pod spec as-is.
  pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
  refute_nil(pod_spec["initContainers"][0])
end
it 'persistenceList do not affect permissions job by default' do
  # One enabled persistence entry that does NOT set setPermissions.
  overrides = {
    persistenceList: [
      { name: "data", enabled: true, mountPath: "/data", hostPath: "/tmp" }
    ]
  }
  chart.value overrides

  # Without setPermissions the first init container must have no
  # volumeMounts key at all, i.e. it is not given access to the volume.
  first_init = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]["initContainers"][0]
  assert_nil(first_init["volumeMounts"])
end
it 'persistenceList.setPermissions adds volume(mounts)' do
  # Same single entry as the default case, but with setPermissions switched on.
  overrides = {
    persistenceList: [
      { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp" }
    ]
  }
  chart.value overrides

  pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
  # The volume must be declared on the pod ...
  assert_equal("data", pod_spec["volumes"][0]["name"])
  # ... and mounted into the first init container under the same name.
  assert_equal("data", pod_spec["initContainers"][0]["volumeMounts"][0]["name"])
end
it 'supports multiple persistenceList' do
  # Two entries, both with setPermissions, sharing the same hostPath.
  overrides = {
    persistenceList: [
      { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp" },
      { name: "configlist", enabled: true, setPermissions: true, mountPath: "/configlist", hostPath: "/tmp" }
    ]
  }
  chart.value overrides

  first_init = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]["initContainers"][0]
  mounts = first_init["volumeMounts"]

  # Check that all persistenceList volumes have mounts
  overrides[:persistenceList].each do |entry|
    wanted = entry[:name].to_s
    refute_nil(mounts.find { |mount| mount["name"] == wanted })
  end
end
it 'supports setting mountPath' do
  overrides = {
    persistenceList: [
      { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp" }
    ]
  }
  chart.value overrides

  first_init = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]["initContainers"][0]

  # Look the mount up by name rather than by position, then verify that the
  # configured mountPath is what the init container actually receives.
  data_mount = first_init["volumeMounts"].find { |mount| mount["name"] == "data" }
  refute_nil(data_mount)
  assert_equal("/data", data_mount["mountPath"])
end
it 'could mount multiple volumes' do
  # Two hostPath-typed entries pointing at different host directories.
  overrides = {
    persistenceList: [
      { name: "data", enabled: true, type: "hostPath", setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
      { name: "configlist", enabled: true, type: "hostPath", setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
    ]
  }
  chart.value overrides

  pod_volumes = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]["volumes"]

  # Each named volume must exist and keep its own host path; a mix-up here
  # would point a volume at the wrong host directory.
  { "data" => '/tmp1', "configlist" => '/tmp2' }.each do |volume_name, host_path|
    found = pod_volumes.find { |candidate| candidate["name"] == volume_name }
    refute_nil(found)
    assert_equal(host_path, found["hostPath"]["path"])
  end
end
it 'can process default (568:568) permissions for multiple volumes' do
  # Two hostPath-typed entries with setPermissions and no podSecurityContext override.
  overrides = {
    persistenceList: [
      { name: "data", enabled: true, type: "hostPath", setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
      { name: "configlist", enabled: true, type: "hostPath", setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
    ]
  }

  # Exact init-container command pinned by this test: group 568, with
  # /configlist handled before /data.
  # NOTE(review): in this pinned script `chmod -R g+w` is followed directly by
  # `||`, so chmod gets no path and the mount path is passed to `echo` instead.
  # As written the group-write step would never be applied and the failure
  # message prints on every run - confirm against the chart template and
  # update this expectation together with any fix.
  expected_command = ["/bin/sh", "-c", "echo 'Automatically correcting permissions...';chown -R :568 '/configlist'; chmod -R g+w || echo 'chmod failed for /configlist, are you running NFSv4 ACLs?' '/configlist';chown -R :568 '/data'; chmod -R g+w || echo 'chmod failed for /data, are you running NFSv4 ACLs?' '/data';"]

  chart.value overrides
  first_init = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]["initContainers"][0]
  assert_equal(expected_command, first_init["command"])
end
it 'outputs default permissions with irrelevant podSecurityContext' do
  # podSecurityContext carries a key that should not influence the chown group.
  # NOTE(review): Kubernetes defines allowPrivilegeEscalation on the container
  # securityContext rather than the pod one; here it only stands in for
  # "some unrelated key".
  overrides = {
    podSecurityContext: {
      allowPrivilegeEscalation: false
    },
    persistenceList: [
      { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
      { name: "configlist", enabled: true, setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
    ]
  }

  # Expected command still uses the default group 568.
  # NOTE(review): the pinned script runs `chmod -R g+w` with no path operand
  # (the path follows the echo message instead), so the group-write step would
  # not be applied as written - confirm against the chart template.
  expected_command = ["/bin/sh", "-c", "echo 'Automatically correcting permissions...';chown -R :568 '/configlist'; chmod -R g+w || echo 'chmod failed for /configlist, are you running NFSv4 ACLs?' '/configlist';chown -R :568 '/data'; chmod -R g+w || echo 'chmod failed for /data, are you running NFSv4 ACLs?' '/data';"]

  chart.value overrides
  first_init = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]["initContainers"][0]
  assert_equal(expected_command, first_init["command"])
end
it 'outputs fsgroup permissions for multiple volumes when set' do
  # fsGroup is overridden to 666; the chown group in the command must follow it.
  overrides = {
    podSecurityContext: {
      fsGroup: 666
    },
    persistenceList: [
      { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
      { name: "configlist", enabled: true, setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
    ]
  }

  # Expected command: same script as the default case with group 666.
  # NOTE(review): the pinned script runs `chmod -R g+w` with no path operand
  # (the path follows the echo message instead), so the group-write step would
  # not be applied as written - confirm against the chart template.
  expected_command = ["/bin/sh", "-c", "echo 'Automatically correcting permissions...';chown -R :666 '/configlist'; chmod -R g+w || echo 'chmod failed for /configlist, are you running NFSv4 ACLs?' '/configlist';chown -R :666 '/data'; chmod -R g+w || echo 'chmod failed for /data, are you running NFSv4 ACLs?' '/data';"]

  chart.value overrides
  first_init = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]["initContainers"][0]
  assert_equal(expected_command, first_init["command"])
end
it 'outputs runAsUser permissions for multiple volumes when set' do
  # Only runAsUser is overridden (999); no fsGroup is given.
  overrides = {
    podSecurityContext: {
      runAsUser: 999
    },
    persistenceList: [
      { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
      { name: "configlist", enabled: true, setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
    ]
  }

  # The expected command keeps group 568: runAsUser 999 does not appear in it,
  # so despite the test name this pins that runAsUser leaves the chown target
  # unchanged.
  # NOTE(review): the pinned script runs `chmod -R g+w` with no path operand
  # (the path follows the echo message instead), so the group-write step would
  # not be applied as written - confirm against the chart template.
  expected_command = ["/bin/sh", "-c", "echo 'Automatically correcting permissions...';chown -R :568 '/configlist'; chmod -R g+w || echo 'chmod failed for /configlist, are you running NFSv4 ACLs?' '/configlist';chown -R :568 '/data'; chmod -R g+w || echo 'chmod failed for /data, are you running NFSv4 ACLs?' '/data';"]

  chart.value overrides
  first_init = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]["initContainers"][0]
  assert_equal(expected_command, first_init["command"])
end
it 'outputs fsGroup AND runAsUser permissions for multiple volumes when both are set' do
  # Both fsGroup (666) and runAsUser (999) are overridden.
  overrides = {
    podSecurityContext: {
      fsGroup: 666,
      runAsUser: 999
    },
    persistenceList: [
      { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
      { name: "configlist", enabled: true, setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
    ]
  }

  # Expected command uses group 666 from fsGroup; runAsUser 999 does not
  # appear anywhere in the script (chown is called with ':<group>' only).
  # NOTE(review): the pinned script runs `chmod -R g+w` with no path operand
  # (the path follows the echo message instead), so the group-write step would
  # not be applied as written - confirm against the chart template.
  expected_command = ["/bin/sh", "-c", "echo 'Automatically correcting permissions...';chown -R :666 '/configlist'; chmod -R g+w || echo 'chmod failed for /configlist, are you running NFSv4 ACLs?' '/configlist';chown -R :666 '/data'; chmod -R g+w || echo 'chmod failed for /data, are you running NFSv4 ACLs?' '/data';"]

  chart.value overrides
  first_init = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]["initContainers"][0]
  assert_equal(expected_command, first_init["command"])
end
end
end
end