
# frozen_string_literal: true
require_relative '../../test_helper'
class Test < ChartTest
  # Specs for the permissions init container rendered by the common library
  # chart. Each example feeds values into the chart, renders it, and inspects
  # the first Deployment's pod spec.
  #
  # NOTE(review): these examples pin only the init container's volume mounts
  # and shell command. Nothing here asserts the init container's own
  # securityContext, even though the command runs a recursive chown/chmod
  # against hostPath-backed mounts on the node. Consider adding coverage.
  #
  # NOTE(review): every mountPath used below is a plain path. The expected
  # commands show mountPath embedded in a single-quoted `sh -c` string, and no
  # example covers a mountPath containing a quote character. Confirm that the
  # template escapes or rejects such values.

  # Kept as a class variable; presumably the `chart` helper inherited from
  # ChartTest reads it (verify against test_helper).
  @@chart = Chart.new('charts/library/common-test')

  describe @@chart.name do
    describe 'initContainer::permissions' do
      it 'initContainer exists by default' do
        pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
        refute_nil(pod_spec["initContainers"][0])
      end

      it 'persistenceList do not affect permissions job by default' do
        # No setPermissions flag: the volume must not be mounted into the
        # init container.
        values = {
          persistenceList: [
            { name: "data", enabled: true, mountPath: "/data", hostPath: "/tmp" }
          ]
        }
        chart.value(values)

        pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
        assert_nil(pod_spec["initContainers"][0]["volumeMounts"])
      end

      it 'persistenceList.setPermissions adds volume(mounts)' do
        values = {
          persistenceList: [
            { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp" }
          ]
        }
        chart.value(values)

        pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
        assert_equal("data", pod_spec["volumes"][0]["name"])
        assert_equal("data", pod_spec["initContainers"][0]["volumeMounts"][0]["name"])
      end

      it 'supports multiple persistenceList' do
        values = {
          persistenceList: [
            { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp" },
            { name: "configlist", enabled: true, setPermissions: true, mountPath: "/configlist", hostPath: "/tmp" }
          ]
        }
        chart.value(values)

        pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
        init_container = pod_spec["initContainers"][0]

        # Every persistenceList entry must have a matching mount by name.
        values[:persistenceList].each do |entry|
          mount = init_container["volumeMounts"].find { |m| m["name"] == entry[:name].to_s }
          refute_nil(mount)
        end
      end

      it 'supports setting mountPath' do
        values = {
          persistenceList: [
            { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp" }
          ]
        }
        chart.value(values)

        pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
        mount = pod_spec["initContainers"][0]["volumeMounts"].find { |m| m["name"] == "data" }
        refute_nil(mount)
        assert_equal("/data", mount["mountPath"])
      end

      it 'could mount multiple volumes' do
        values = {
          persistenceList: [
            { name: "data", enabled: true, type: "hostPath", setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
            { name: "configlist", enabled: true, type: "hostPath", setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
          ]
        }
        chart.value(values)

        pod_volumes = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]["volumes"]

        data_volume = pod_volumes.find { |v| v["name"] == "data" }
        refute_nil(data_volume)
        assert_equal('/tmp1', data_volume["hostPath"]["path"])

        config_volume = pod_volumes.find { |v| v["name"] == "configlist" }
        refute_nil(config_volume)
        assert_equal('/tmp2', config_volume["hostPath"]["path"])
      end

      it 'can process default (568:568) permissions for multiple volumes' do
        # NOTE(review): in the pinned command `chmod -R g+w` has no path
        # operand; the quoted mount path follows the `echo` fallback instead.
        # As written, chmod would fail for a missing operand and the echo
        # would run every time, so group-write is never applied. Confirm
        # against the chart template before treating this string as correct.
        # The same shape is pinned in the four examples that follow.
        #
        # The command lists /configlist before /data although the values list
        # "data" first; presumably the template iterates by name (confirm).
        expected_command = ["/bin/sh", "-c", "echo 'Automatically correcting permissions...';chown -R :568 '/configlist'; chmod -R g+w || echo 'chmod failed for /configlist, are you running NFSv4 ACLs?' '/configlist';chown -R :568 '/data'; chmod -R g+w || echo 'chmod failed for /data, are you running NFSv4 ACLs?' '/data';"]
        values = {
          persistenceList: [
            { name: "data", enabled: true, type: "hostPath", setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
            { name: "configlist", enabled: true, type: "hostPath", setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
          ]
        }
        chart.value(values)

        pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
        assert_equal(expected_command, pod_spec["initContainers"][0]["command"])
      end

      it 'outputs default permissions with irrelevant podSecurityContext' do
        # allowPrivilegeEscalation is set on the pod; the expected command is
        # the same as the default (group 568) one.
        expected_command = ["/bin/sh", "-c", "echo 'Automatically correcting permissions...';chown -R :568 '/configlist'; chmod -R g+w || echo 'chmod failed for /configlist, are you running NFSv4 ACLs?' '/configlist';chown -R :568 '/data'; chmod -R g+w || echo 'chmod failed for /data, are you running NFSv4 ACLs?' '/data';"]
        values = {
          podSecurityContext: { allowPrivilegeEscalation: false },
          persistenceList: [
            { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
            { name: "configlist", enabled: true, setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
          ]
        }
        chart.value(values)

        pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
        assert_equal(expected_command, pod_spec["initContainers"][0]["command"])
      end

      it 'outputs fsgroup permissions for multiple volumes when set' do
        # fsGroup 666 replaces the default group in every chown.
        expected_command = ["/bin/sh", "-c", "echo 'Automatically correcting permissions...';chown -R :666 '/configlist'; chmod -R g+w || echo 'chmod failed for /configlist, are you running NFSv4 ACLs?' '/configlist';chown -R :666 '/data'; chmod -R g+w || echo 'chmod failed for /data, are you running NFSv4 ACLs?' '/data';"]
        values = {
          podSecurityContext: { fsGroup: 666 },
          persistenceList: [
            { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
            { name: "configlist", enabled: true, setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
          ]
        }
        chart.value(values)

        pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
        assert_equal(expected_command, pod_spec["initContainers"][0]["command"])
      end

      it 'outputs runAsUser permissions for multiple volumes when set' do
        # Despite the example's title, the pinned command only sets the group
        # (`chown -R :568`); runAsUser 999 does not appear in it.
        expected_command = ["/bin/sh", "-c", "echo 'Automatically correcting permissions...';chown -R :568 '/configlist'; chmod -R g+w || echo 'chmod failed for /configlist, are you running NFSv4 ACLs?' '/configlist';chown -R :568 '/data'; chmod -R g+w || echo 'chmod failed for /data, are you running NFSv4 ACLs?' '/data';"]
        values = {
          podSecurityContext: { runAsUser: 999 },
          persistenceList: [
            { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
            { name: "configlist", enabled: true, setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
          ]
        }
        chart.value(values)

        pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
        assert_equal(expected_command, pod_spec["initContainers"][0]["command"])
      end

      it 'outputs fsGroup AND runAsUser permissions for multiple volumes when both are set' do
        # Only fsGroup (666) appears in the pinned command; runAsUser 999
        # does not.
        expected_command = ["/bin/sh", "-c", "echo 'Automatically correcting permissions...';chown -R :666 '/configlist'; chmod -R g+w || echo 'chmod failed for /configlist, are you running NFSv4 ACLs?' '/configlist';chown -R :666 '/data'; chmod -R g+w || echo 'chmod failed for /data, are you running NFSv4 ACLs?' '/data';"]
        values = {
          podSecurityContext: { fsGroup: 666, runAsUser: 999 },
          persistenceList: [
            { name: "data", enabled: true, setPermissions: true, mountPath: "/data", hostPath: "/tmp1" },
            { name: "configlist", enabled: true, setPermissions: true, mountPath: "/configlist", hostPath: "/tmp2" }
          ]
        }
        chart.value(values)

        pod_spec = chart.resources(kind: "Deployment").first["spec"]["template"]["spec"]
        assert_equal(expected_command, pod_spec["initContainers"][0]["command"])
      end
    end
  end
end