From 9f5a018381d9e5d32032d5f467598c2376a4bd43 Mon Sep 17 00:00:00 2001 From: KhizerJaan Date: Mon, 12 Jun 2023 01:50:31 +0500 Subject: [PATCH 1/7] Allows the release namespace to be overridden --- templates/_helpers.tpl | 7 +++++++ templates/csi-agent-configmap.yaml | 2 +- templates/csi-clusterrolebinding.yaml | 2 +- templates/csi-daemonset.yaml | 2 +- templates/csi-rolebinding.yaml | 2 +- templates/csi-serviceaccount.yaml | 2 +- templates/injector-certs-secret.yaml | 2 +- templates/injector-clusterrolebinding.yaml | 2 +- templates/injector-deployment.yaml | 2 +- templates/injector-disruptionbudget.yaml | 2 +- templates/injector-mutating-webhook.yaml | 2 +- templates/injector-psp-role.yaml | 2 +- templates/injector-psp-rolebinding.yaml | 2 +- templates/injector-role.yaml | 2 +- templates/injector-rolebinding.yaml | 4 ++-- templates/injector-service.yaml | 2 +- templates/injector-serviceaccount.yaml | 2 +- templates/server-clusterrolebinding.yaml | 2 +- templates/server-config-configmap.yaml | 2 +- templates/server-discovery-role.yaml | 2 +- templates/server-discovery-rolebinding.yaml | 4 ++-- templates/server-disruptionbudget.yaml | 2 +- templates/server-ha-active-service.yaml | 2 +- templates/server-ha-standby-service.yaml | 2 +- templates/server-headless-service.yaml | 2 +- templates/server-ingress.yaml | 2 +- templates/server-psp-role.yaml | 2 +- templates/server-psp-rolebinding.yaml | 2 +- templates/server-route.yaml | 2 +- templates/server-service.yaml | 2 +- templates/server-serviceaccount.yaml | 2 +- templates/server-statefulset.yaml | 2 +- templates/tests/server-test.yaml | 2 +- templates/ui-service.yaml | 2 +- 34 files changed, 42 insertions(+), 35 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index dafac3787..63e27fc1e 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -36,6 +36,13 @@ Expand the name of the chart. {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Allow the release namespace to be overridden +*/}} +{{- define "vault.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride -}} +{{- end -}} + {{/* Compute if the csi driver is enabled. */}} diff --git a/templates/csi-agent-configmap.yaml b/templates/csi-agent-configmap.yaml index 7af08e8f9..6b0a579b3 100644 --- a/templates/csi-agent-configmap.yaml +++ b/templates/csi-agent-configmap.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "vault.fullname" . }}-csi-provider-agent-config - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider diff --git a/templates/csi-clusterrolebinding.yaml b/templates/csi-clusterrolebinding.yaml index d5a934688..506ec944a 100644 --- a/templates/csi-clusterrolebinding.yaml +++ b/templates/csi-clusterrolebinding.yaml @@ -20,5 +20,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{- end }} diff --git a/templates/csi-daemonset.yaml b/templates/csi-daemonset.yaml index 28e7cd070..3976aca46 100644 --- a/templates/csi-daemonset.yaml +++ b/templates/csi-daemonset.yaml @@ -9,7 +9,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/csi-rolebinding.yaml b/templates/csi-rolebinding.yaml index e61f2dc2d..0df142b62 100644 --- a/templates/csi-rolebinding.yaml +++ b/templates/csi-rolebinding.yaml @@ -20,5 +20,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{- end }} diff --git a/templates/csi-serviceaccount.yaml b/templates/csi-serviceaccount.yaml index 25e123ee9..6327a7b2f 100644 --- a/templates/csi-serviceaccount.yaml +++ b/templates/csi-serviceaccount.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/injector-certs-secret.yaml b/templates/injector-certs-secret.yaml index 3e5ddb7b9..f6995af10 100644 --- a/templates/injector-certs-secret.yaml +++ b/templates/injector-certs-secret.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Secret metadata: name: vault-injector-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/injector-clusterrolebinding.yaml b/templates/injector-clusterrolebinding.yaml index 9253e4f0a..82cbce0ce 100644 --- a/templates/injector-clusterrolebinding.yaml +++ b/templates/injector-clusterrolebinding.yaml @@ -20,5 +20,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{ end }} diff --git a/templates/injector-deployment.yaml b/templates/injector-deployment.yaml index fbf32c093..e9b9f16b9 100644 --- a/templates/injector-deployment.yaml +++ b/templates/injector-deployment.yaml @@ -10,7 +10,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/injector-disruptionbudget.yaml b/templates/injector-disruptionbudget.yaml index 6ae714bae..2b2a61c6f 100644 --- a/templates/injector-disruptionbudget.yaml +++ b/templates/injector-disruptionbudget.yaml @@ -8,7 +8,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector diff --git a/templates/injector-mutating-webhook.yaml b/templates/injector-mutating-webhook.yaml index d03cd136d..b1de1ee3f 100644 --- a/templates/injector-mutating-webhook.yaml +++ b/templates/injector-mutating-webhook.yaml @@ -28,7 +28,7 @@ webhooks: clientConfig: service: name: {{ template "vault.fullname" . }}-agent-injector-svc - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} path: "/mutate" caBundle: {{ .Values.injector.certs.caBundle | quote }} rules: diff --git a/templates/injector-psp-role.yaml b/templates/injector-psp-role.yaml index 65d8e9ba9..a07f8f6c0 100644 --- a/templates/injector-psp-role.yaml +++ b/templates/injector-psp-role.yaml @@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "vault.fullname" . }}-agent-injector-psp - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/injector-psp-rolebinding.yaml b/templates/injector-psp-rolebinding.yaml index 48a3a26a2..3c97e8dad 100644 --- a/templates/injector-psp-rolebinding.yaml +++ b/templates/injector-psp-rolebinding.yaml @@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "vault.fullname" . }}-agent-injector-psp - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/injector-role.yaml b/templates/injector-role.yaml index df7b0ed74..b2ad0c7b9 100644 --- a/templates/injector-role.yaml +++ b/templates/injector-role.yaml @@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/injector-rolebinding.yaml b/templates/injector-rolebinding.yaml index 0848e43d8..6ad25ca69 100644 --- a/templates/injector-rolebinding.yaml +++ b/templates/injector-rolebinding.yaml @@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} @@ -22,6 +22,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{- end }} {{- end }} \ No newline at end of file diff --git a/templates/injector-service.yaml b/templates/injector-service.yaml index 5b2069286..1479cd1ab 100644 --- a/templates/injector-service.yaml +++ b/templates/injector-service.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }}-agent-injector-svc - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/injector-serviceaccount.yaml b/templates/injector-serviceaccount.yaml index 9b5c2f6ed..2f91c3d4a 100644 --- a/templates/injector-serviceaccount.yaml +++ b/templates/injector-serviceaccount.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/server-clusterrolebinding.yaml b/templates/server-clusterrolebinding.yaml index b694129b5..14ec838a0 100644 --- a/templates/server-clusterrolebinding.yaml +++ b/templates/server-clusterrolebinding.yaml @@ -25,5 +25,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{ end }} \ No newline at end of file diff --git a/templates/server-config-configmap.yaml b/templates/server-config-configmap.yaml index 5d29e98d6..5c660579f 100644 --- a/templates/server-config-configmap.yaml +++ b/templates/server-config-configmap.yaml @@ -12,7 +12,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "vault.fullname" . }}-config - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/templates/server-discovery-role.yaml b/templates/server-discovery-role.yaml index adae42a2b..0cbdefaff 100644 --- a/templates/server-discovery-role.yaml +++ b/templates/server-discovery-role.yaml @@ -10,7 +10,7 @@ SPDX-License-Identifier: MPL-2.0 apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} name: {{ template "vault.fullname" . }}-discovery-role labels: helm.sh/chart: {{ include "vault.chart" . }} diff --git a/templates/server-discovery-rolebinding.yaml b/templates/server-discovery-rolebinding.yaml index 853ee870c..87b0f6170 100644 --- a/templates/server-discovery-rolebinding.yaml +++ b/templates/server-discovery-rolebinding.yaml @@ -15,7 +15,7 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: {{ template "vault.fullname" . }}-discovery-rolebinding - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} @@ -28,7 +28,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{ end }} {{ end }} {{ end }} diff --git a/templates/server-disruptionbudget.yaml b/templates/server-disruptionbudget.yaml index 3ff11099b..bbe9eb299 100644 --- a/templates/server-disruptionbudget.yaml +++ b/templates/server-disruptionbudget.yaml @@ -13,7 +13,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/templates/server-ha-active-service.yaml b/templates/server-ha-active-service.yaml index 58d540fd5..2a3375a63 100644 --- a/templates/server-ha-active-service.yaml +++ b/templates/server-ha-active-service.yaml @@ -14,7 +14,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }}-active - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/templates/server-ha-standby-service.yaml b/templates/server-ha-standby-service.yaml index b9f643586..27fdfce8b 100644 --- a/templates/server-ha-standby-service.yaml +++ b/templates/server-ha-standby-service.yaml @@ -14,7 +14,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }}-standby - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/templates/server-headless-service.yaml b/templates/server-headless-service.yaml index 42e1aa000..4df81e219 100644 --- a/templates/server-headless-service.yaml +++ b/templates/server-headless-service.yaml @@ -12,7 +12,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }}-internal - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/templates/server-ingress.yaml b/templates/server-ingress.yaml index 3aba66885..d796bae41 100644 --- a/templates/server-ingress.yaml +++ b/templates/server-ingress.yaml @@ -21,7 +21,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/templates/server-psp-role.yaml b/templates/server-psp-role.yaml index 0c8c983ea..64cd6c507 100644 --- a/templates/server-psp-role.yaml +++ b/templates/server-psp-role.yaml @@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "vault.fullname" . }}-psp - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/server-psp-rolebinding.yaml b/templates/server-psp-rolebinding.yaml index 9b975d556..342f55379 100644 --- a/templates/server-psp-rolebinding.yaml +++ b/templates/server-psp-rolebinding.yaml @@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "vault.fullname" . }}-psp - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/server-route.yaml b/templates/server-route.yaml index 3f35aefe2..4e955555a 100644 --- a/templates/server-route.yaml +++ b/templates/server-route.yaml @@ -14,7 +14,7 @@ kind: Route apiVersion: route.openshift.io/v1 metadata: name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/templates/server-service.yaml b/templates/server-service.yaml index 8e34c88c5..444b15e60 100644 --- a/templates/server-service.yaml +++ b/templates/server-service.yaml @@ -12,7 +12,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/templates/server-serviceaccount.yaml b/templates/server-serviceaccount.yaml index e154f8dc2..216ea6178 100644 --- a/templates/server-serviceaccount.yaml +++ b/templates/server-serviceaccount.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml index 7ab7de8e2..519d421c3 100644 --- a/templates/server-statefulset.yaml +++ b/templates/server-statefulset.yaml @@ -12,7 +12,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/tests/server-test.yaml b/templates/tests/server-test.yaml index 59b150109..3b1d329e2 100644 --- a/templates/tests/server-test.yaml +++ b/templates/tests/server-test.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Pod metadata: name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} annotations: "helm.sh/hook": test spec: diff --git a/templates/ui-service.yaml b/templates/ui-service.yaml index 4b2e8f7e4..261732ba1 100644 --- a/templates/ui-service.yaml +++ b/templates/ui-service.yaml @@ -12,7 +12,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }}-ui - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }}-ui From d01cbc9d3db374c24b7153caab3facf605c4e6d9 Mon Sep 17 00:00:00 2001 From: KhizerJaan Date: Wed, 21 Jun 2023 02:07:44 +0500 Subject: [PATCH 2/7] Updates CHANGELOG.md and schema , Adds unit tests --- CHANGELOG.md | 2 + templates/csi-agent-configmap.yaml | 2 +- templates/csi-daemonset.yaml | 2 +- templates/csi-role.yaml | 1 + templates/csi-rolebinding.yaml | 1 + templates/injector-deployment.yaml | 4 +- templates/prometheus-servicemonitor.yaml | 2 +- templates/tests/server-test.yaml | 2 +- test/unit/csi-agent-configmap.bats | 19 ++++++++ test/unit/csi-clusterrolebinding.bats | 20 ++++++++ test/unit/csi-daemonset.bats | 20 ++++++++ test/unit/csi-role.bats | 19 ++++++++ test/unit/csi-rolebinding.bats | 19 ++++++++ test/unit/csi-serviceaccount.bats | 20 ++++++++ test/unit/injector-clusterrolebinding.bats | 19 ++++++++ test/unit/injector-deployment.bats | 19 ++++++++ test/unit/injector-disruptionbudget.bats | 19 ++++++++ test/unit/injector-leader-elector.bats | 51 +++++++++++++++++++-- test/unit/injector-mutating-webhook.bats | 17 ++++++- test/unit/injector-psp-role.bats | 21 +++++++++ test/unit/injector-psp-rolebinding.bats | 21 +++++++++ test/unit/injector-service.bats | 17 +++++++ test/unit/injector-serviceaccount.bats | 17 +++++++ test/unit/server-clusterrolebinding.bats | 17 +++++++ test/unit/server-configmap.bats | 17 +++++++ test/unit/server-discovery-role.bats | 19 ++++++++ test/unit/server-discovery-rolebinding.bats | 19 ++++++++ test/unit/server-ha-active-service.bats | 19 ++++++++ test/unit/server-ha-disruptionbudget.bats | 19 ++++++++ test/unit/server-ha-standby-service.bats | 19 ++++++++ test/unit/server-headless-service.bats | 19 ++++++++ test/unit/server-ingress.bats | 19 ++++++++ test/unit/server-psp-role.bats | 19 ++++++++ test/unit/server-psp-rolebinding.bats | 19 ++++++++ test/unit/server-route.bats | 21 +++++++++ test/unit/server-service.bats | 19 ++++++++ test/unit/server-serviceaccount.bats | 19 ++++++++ test/unit/server-statefulset.bats | 19 ++++++++ values.schema.json | 3 ++ values.yaml | 4 ++ 40 files changed, 614 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eabf9fe54..856dfb31e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,9 +44,11 @@ Features: Bugs: * server: Quote `.server.ha.clusterAddr` value [GH-810](https://github.com/hashicorp/vault-helm/pull/810) +* csi: Add namespace field to `csi-role` and `csi-rolebindings`. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) Improvements: * injector: Add `ephemeralLimit` and `ephemeralRequest` as options for configuring Agent's ephemeral storage resources [GH-798](https://github.com/hashicorp/vault-helm/pull/798) +* Add `namespaceOverride` to specify namespace from values or command line. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) ## 0.22.1 (October 26th, 2022) diff --git a/templates/csi-agent-configmap.yaml b/templates/csi-agent-configmap.yaml index 6b0a579b3..18cdb04ac 100644 --- a/templates/csi-agent-configmap.yaml +++ b/templates/csi-agent-configmap.yaml @@ -21,7 +21,7 @@ data: {{- if .Values.global.externalVaultAddr }} "address" = "{{ .Values.global.externalVaultAddr }}" {{- else }} - "address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}" + "address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}" {{- end }} } diff --git a/templates/csi-daemonset.yaml b/templates/csi-daemonset.yaml index 3976aca46..1436ff905 100644 --- a/templates/csi-daemonset.yaml +++ b/templates/csi-daemonset.yaml @@ -71,7 +71,7 @@ spec: {{- else if .Values.global.externalVaultAddr }} value: "{{ .Values.global.externalVaultAddr }}" {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }} {{- end }} volumeMounts: - name: providervol diff --git a/templates/csi-role.yaml b/templates/csi-role.yaml index dd23af655..17e1918b4 100644 --- a/templates/csi-role.yaml +++ b/templates/csi-role.yaml @@ -9,6 +9,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "vault.fullname" . }}-csi-provider-role + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/csi-rolebinding.yaml b/templates/csi-rolebinding.yaml index 0df142b62..3d3b981b8 100644 --- a/templates/csi-rolebinding.yaml +++ b/templates/csi-rolebinding.yaml @@ -9,6 +9,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "vault.fullname" . }}-csi-provider-rolebinding + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/templates/injector-deployment.yaml b/templates/injector-deployment.yaml index e9b9f16b9..822e8e41d 100644 --- a/templates/injector-deployment.yaml +++ b/templates/injector-deployment.yaml @@ -64,7 +64,7 @@ spec: {{- else if .Values.injector.externalVaultAddr }} value: "{{ .Values.injector.externalVaultAddr }}" {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }} {{- end }} - name: AGENT_INJECT_VAULT_AUTH_PATH value: {{ .Values.injector.authPath }} @@ -79,7 +79,7 @@ spec: - name: AGENT_INJECT_TLS_AUTO value: {{ template "vault.fullname" . }}-agent-injector-cfg - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . }}.svc {{- end }} - name: AGENT_INJECT_LOG_FORMAT value: {{ .Values.injector.logFormat | default "standard" }} diff --git a/templates/prometheus-servicemonitor.yaml b/templates/prometheus-servicemonitor.yaml index 60f2729a0..25d30a468 100644 --- a/templates/prometheus-servicemonitor.yaml +++ b/templates/prometheus-servicemonitor.yaml @@ -45,5 +45,5 @@ spec: insecureSkipVerify: true namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "vault.namespace" . }} {{ end }} diff --git a/templates/tests/server-test.yaml b/templates/tests/server-test.yaml index 3b1d329e2..2c577aa24 100644 --- a/templates/tests/server-test.yaml +++ b/templates/tests/server-test.yaml @@ -21,7 +21,7 @@ spec: imagePullPolicy: {{ .Values.server.image.pullPolicy }} env: - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }} {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} command: - /bin/sh diff --git a/test/unit/csi-agent-configmap.bats b/test/unit/csi-agent-configmap.bats index 4ae4a30b8..3afda95cc 100644 --- a/test/unit/csi-agent-configmap.bats +++ b/test/unit/csi-agent-configmap.bats @@ -21,6 +21,25 @@ load _helpers [ "${actual}" = "release-name-vault-csi-provider-agent-config" ] } +@test "csi/Agent-ConfigMap: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-agent-configmap.yaml \ + --set "csi.enabled=true" \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/csi-agent-configmap.yaml \ + --set "csi.enabled=true" \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "csi/Agent-ConfigMap: Vault addr not affected by injector setting" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/csi-clusterrolebinding.bats b/test/unit/csi-clusterrolebinding.bats index ccd98c55a..22e862960 100644 --- a/test/unit/csi-clusterrolebinding.bats +++ b/test/unit/csi-clusterrolebinding.bats @@ -41,4 +41,24 @@ load _helpers . | tee /dev/stderr | yq -r '.subjects[0].name' | tee /dev/stderr) [ "${actual}" = "release-name-vault-csi-provider" ] +} + +# ClusterRoleBinding service account namespace +@test "csi/ClusterRoleBinding: service account namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-clusterrolebinding.yaml \ + --set "csi.enabled=true" \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.subjects[0].namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/csi-clusterrolebinding.yaml \ + --set "csi.enabled=true" \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.subjects[0].namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] } \ No newline at end of file diff --git a/test/unit/csi-daemonset.bats b/test/unit/csi-daemonset.bats index e1fd0ef02..6e56b5c85 100644 --- a/test/unit/csi-daemonset.bats +++ b/test/unit/csi-daemonset.bats @@ -30,6 +30,26 @@ load _helpers [ "${actual}" = "true" ] } +# namespace +@test "csi/daemonset: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set "csi.enabled=true" \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set "csi.enabled=true" \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + # priorityClassName @test "csi/daemonset: priorityClassName not set by default" { diff --git a/test/unit/csi-role.bats b/test/unit/csi-role.bats index e7eb7e62c..5e639f4b4 100644 --- a/test/unit/csi-role.bats +++ b/test/unit/csi-role.bats @@ -27,6 +27,25 @@ load _helpers [ "${actual}" = "vault-csi-provider-hmac-key" ] } +@test "csi/Role: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-role.yaml \ + --set "csi.enabled=true" \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/csi-role.yaml \ + --set "csi.enabled=true" \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "csi/Role: HMAC secret name configurable" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/csi-rolebinding.bats b/test/unit/csi-rolebinding.bats index caf368b74..872fed3a4 100644 --- a/test/unit/csi-rolebinding.bats +++ b/test/unit/csi-rolebinding.bats @@ -19,4 +19,23 @@ load _helpers . | tee /dev/stderr | yq -r '.metadata.name' | tee /dev/stderr) [ "${actual}" = "release-name-vault-csi-provider-rolebinding" ] +} + +@test "csi/RoleBinding: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-rolebinding.yaml \ + --set "csi.enabled=true" \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/csi-rolebinding.yaml \ + --set "csi.enabled=true" \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] } \ No newline at end of file diff --git a/test/unit/csi-serviceaccount.bats b/test/unit/csi-serviceaccount.bats index 41c17349f..f75eded23 100644 --- a/test/unit/csi-serviceaccount.bats +++ b/test/unit/csi-serviceaccount.bats @@ -32,6 +32,26 @@ load _helpers [ "${actual}" = "release-name-vault-csi-provider" ] } +# serviceAccountNamespace namespace +@test "csi/daemonset: serviceAccountNamespace namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-serviceaccount.yaml \ + --set "csi.enabled=true" \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/csi-serviceaccount.yaml \ + --set "csi.enabled=true" \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "csi/serviceAccount: specify annotations" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/injector-clusterrolebinding.bats b/test/unit/injector-clusterrolebinding.bats index 6e217878b..597b3a7dd 100755 --- a/test/unit/injector-clusterrolebinding.bats +++ b/test/unit/injector-clusterrolebinding.bats @@ -20,3 +20,22 @@ load _helpers yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "false" ] } + +@test "injector/ClusterRoleBinding: service account namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/injector-clusterrolebinding.yaml \ + --set "injector.enabled=true" \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.subjects[0].namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/injector-clusterrolebinding.yaml \ + --set "injector.enabled=true" \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.subjects[0].namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} \ No newline at end of file diff --git a/test/unit/injector-deployment.bats b/test/unit/injector-deployment.bats index 7723a1565..9816d5dfd 100755 --- a/test/unit/injector-deployment.bats +++ b/test/unit/injector-deployment.bats @@ -42,6 +42,25 @@ load _helpers [ "${actual}" = "true" ] } +@test "injector/deployment: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/injector-deployment.yaml \ + --set 'injector.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/injector-deployment.yaml \ + --set 'injector.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "injector/deployment: image defaults to injector.image" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/injector-disruptionbudget.bats b/test/unit/injector-disruptionbudget.bats index 72be93fcc..9f2d64a23 100755 --- a/test/unit/injector-disruptionbudget.bats +++ b/test/unit/injector-disruptionbudget.bats @@ -11,6 +11,25 @@ load _helpers [ "${actual}" = "false" ] } +@test "injector/DisruptionBudget: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/injector-disruptionbudget.yaml \ + --set 'injector.podDisruptionBudget.minAvailable=2' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/injector-disruptionbudget.yaml \ + --set 'injector.podDisruptionBudget.minAvailable=2' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "injector/DisruptionBudget: configure with injector.podDisruptionBudget minAvailable" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/injector-leader-elector.bats b/test/unit/injector-leader-elector.bats index bbd482985..b2ac9eedd 100644 --- a/test/unit/injector-leader-elector.bats +++ b/test/unit/injector-leader-elector.bats @@ -95,7 +95,22 @@ load _helpers --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "\"foo\"" ] + [ "${actual}" = "foo" ] + local actual=$( (helm template \ + --show-only templates/injector-certs-secret.yaml \ + --set "injector.replicas=2" \ + --namespace foo \ + . || echo "---") | tee /dev/stderr | + yq '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$( (helm template \ + --show-only templates/injector-certs-secret.yaml \ + --set "injector.replicas=2" \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . || echo "---") | tee /dev/stderr | + yq '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] } @test "injector/role: created/skipped as appropriate" { @@ -146,7 +161,22 @@ load _helpers --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "\"foo\"" ] + [ "${actual}" = "foo" ] + local actual=$( (helm template \ + --show-only templates/injector-role.yaml \ + --set "injector.replicas=2" \ + --namespace foo \ + . || echo "---") | tee /dev/stderr | + yq '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$( (helm template \ + --show-only templates/injector-role.yaml \ + --set "injector.replicas=2" \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . || echo "---") | tee /dev/stderr | + yq '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] } @test "injector/rolebinding: created/skipped as appropriate" { @@ -197,5 +227,20 @@ load _helpers --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "\"foo\"" ] + [ "${actual}" = "foo" ] + local actual=$( (helm template \ + --show-only templates/injector-rolebinding.yaml \ + --set "injector.replicas=2" \ + --namespace foo \ + . || echo "---") | tee /dev/stderr | + yq '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$( (helm template \ + --show-only templates/injector-rolebinding.yaml \ + --set "injector.replicas=2" \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . || echo "---") | tee /dev/stderr | + yq '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] } diff --git a/test/unit/injector-mutating-webhook.bats b/test/unit/injector-mutating-webhook.bats index 0a8be0a3c..c613e3aec 100755 --- a/test/unit/injector-mutating-webhook.bats +++ b/test/unit/injector-mutating-webhook.bats @@ -39,7 +39,22 @@ load _helpers --namespace foo \ . | tee /dev/stderr | yq '.webhooks[0].clientConfig.service.namespace' | tee /dev/stderr) - [ "${actual}" = "\"foo\"" ] + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/injector-mutating-webhook.yaml \ + --set 'injector.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq '.webhooks[0].clientConfig.service.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/injector-mutating-webhook.yaml \ + --set 'injector.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq '.webhooks[0].clientConfig.service.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] } @test "injector/MutatingWebhookConfiguration: caBundle is empty string" { diff --git a/test/unit/injector-psp-role.bats b/test/unit/injector-psp-role.bats index 8e7acd7d5..8f8beca17 100644 --- a/test/unit/injector-psp-role.bats +++ b/test/unit/injector-psp-role.bats @@ -33,3 +33,24 @@ load _helpers yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "true" ] } + +@test "injector/PodSecurityPolicy-Role: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/injector-psp-role.yaml \ + --set 'injector.enabled=true' \ + --set 'global.psp.enable=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/injector-psp-role.yaml \ + --set 'injector.enabled=true' \ + --set 'global.psp.enable=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} \ No newline at end of file diff --git a/test/unit/injector-psp-rolebinding.bats b/test/unit/injector-psp-rolebinding.bats index 88bfe7900..024eaba15 100644 --- a/test/unit/injector-psp-rolebinding.bats +++ b/test/unit/injector-psp-rolebinding.bats @@ -33,3 +33,24 @@ load _helpers yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "true" ] } + +@test "injector/PodSecurityPolicy-RoleBinding: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/injector-psp-rolebinding.yaml \ + --set 'injector.enabled=true' \ + --set 'global.psp.enable=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/injector-psp-rolebinding.yaml \ + --set 'injector.enabled=true' \ + --set 'global.psp.enable=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} \ No newline at end of file diff --git a/test/unit/injector-service.bats b/test/unit/injector-service.bats index 027eaa080..3d4f384cd 100755 --- a/test/unit/injector-service.bats +++ b/test/unit/injector-service.bats @@ -18,6 +18,23 @@ load _helpers [ "${actual}" = "true" ] } +@test "injector/Service: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/injector-service.yaml \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/injector-service.yaml \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "injector/Service: service with default port" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/injector-serviceaccount.bats b/test/unit/injector-serviceaccount.bats index bf178a3ac..f6033f72b 100755 --- a/test/unit/injector-serviceaccount.bats +++ b/test/unit/injector-serviceaccount.bats @@ -21,6 +21,23 @@ load _helpers [ "${actual}" = "false" ] } +@test "injector/ServiceAccount: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/injector-serviceaccount.yaml \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/injector-serviceaccount.yaml \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "injector/ServiceAccount: generic annotations" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/server-clusterrolebinding.bats b/test/unit/server-clusterrolebinding.bats index 9d05aeaf1..1876edc29 100755 --- a/test/unit/server-clusterrolebinding.bats +++ b/test/unit/server-clusterrolebinding.bats @@ -71,3 +71,20 @@ load _helpers yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "true" ] } + +@test "server/ClusterRoleBinding: service account namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-clusterrolebinding.yaml \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.subjects[0].namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-clusterrolebinding.yaml \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.subjects[0].namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} \ No newline at end of file diff --git a/test/unit/server-configmap.bats b/test/unit/server-configmap.bats index fe2ac1257..ad4e4d548 100755 --- a/test/unit/server-configmap.bats +++ b/test/unit/server-configmap.bats @@ -75,6 +75,23 @@ load _helpers [ "${actual}" = "false" ] } +@test "server/ConfigMap: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-config-configmap.yaml \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-config-configmap.yaml \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "server/ConfigMap: standalone extraConfig is set" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/server-discovery-role.bats b/test/unit/server-discovery-role.bats index 11473a081..d62caa529 100755 --- a/test/unit/server-discovery-role.bats +++ b/test/unit/server-discovery-role.bats @@ -39,3 +39,22 @@ load _helpers yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "false" ] } + +@test "server/DiscoveryRole: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-discovery-role.yaml \ + --set 'server.ha.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-discovery-role.yaml \ + --set 'server.ha.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} \ No newline at end of file diff --git a/test/unit/server-discovery-rolebinding.bats b/test/unit/server-discovery-rolebinding.bats index 568c24072..eb786e4f9 100755 --- a/test/unit/server-discovery-rolebinding.bats +++ b/test/unit/server-discovery-rolebinding.bats @@ -39,3 +39,22 @@ load _helpers yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "false" ] } + +@test "server/DiscoveryRoleBinding: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-discovery-rolebinding.yaml \ + --set 'server.ha.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-discovery-rolebinding.yaml \ + --set 'server.ha.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} \ No newline at end of file diff --git a/test/unit/server-ha-active-service.bats b/test/unit/server-ha-active-service.bats index d78f5d457..716d92010 100755 --- a/test/unit/server-ha-active-service.bats +++ b/test/unit/server-ha-active-service.bats @@ -47,6 +47,25 @@ load _helpers [ "${actual}" = "false" ] } +@test "server/ha-active-Service: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-ha-active-service.yaml \ + --set 'server.ha.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-ha-active-service.yaml \ + --set 'server.ha.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "server/ha-active-Service: type empty by default" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/server-ha-disruptionbudget.bats b/test/unit/server-ha-disruptionbudget.bats index 4cb3ae63b..7547b8d22 100755 --- a/test/unit/server-ha-disruptionbudget.bats +++ b/test/unit/server-ha-disruptionbudget.bats @@ -53,6 +53,25 @@ load _helpers [ "${actual}" = "false" ] } +@test "server/DisruptionBudget: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-disruptionbudget.yaml \ + --set 'server.ha.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-disruptionbudget.yaml \ + --set 'server.ha.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "server/DisruptionBudget: correct maxUnavailable with n=1" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/server-ha-standby-service.bats b/test/unit/server-ha-standby-service.bats index 669831411..4aa56b338 100755 --- a/test/unit/server-ha-standby-service.bats +++ b/test/unit/server-ha-standby-service.bats @@ -58,6 +58,25 @@ load _helpers [ "${actual}" = "false" ] } +@test "server/ha-standby-Service: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-ha-standby-service.yaml \ + --set 'server.ha.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-ha-standby-service.yaml \ + --set 'server.ha.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "server/ha-standby-Service: type empty by default" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/server-headless-service.bats b/test/unit/server-headless-service.bats index 7c0e44160..ab4afd568 100644 --- a/test/unit/server-headless-service.bats +++ b/test/unit/server-headless-service.bats @@ -35,3 +35,22 @@ load _helpers yq -r '.spec.selector["app.kubernetes.io/instance"]' | tee /dev/stderr) [ "${actual}" = "release-name" ] } + +@test "server/headless-Service: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-headless-service.yaml \ + --set 'server.ha.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-headless-service.yaml \ + --set 'server.ha.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} \ No newline at end of file diff --git a/test/unit/server-ingress.bats b/test/unit/server-ingress.bats index 0cc5b266c..b4f7e8d57 100755 --- a/test/unit/server-ingress.bats +++ b/test/unit/server-ingress.bats @@ -11,6 +11,25 @@ load _helpers [ "${actual}" = "false" ] } +@test "server/ingress: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-ingress.yaml \ + --set 'server.ingress.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-ingress.yaml \ + --set 'server.ingress.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "server/ingress: disable by injector.externalVaultAddr" { cd `chart_dir` local actual=$( (helm template \ diff --git a/test/unit/server-psp-role.bats b/test/unit/server-psp-role.bats index 1d3e62c4c..6051ec23e 100644 --- a/test/unit/server-psp-role.bats +++ b/test/unit/server-psp-role.bats @@ -109,3 +109,22 @@ load _helpers yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "false" ] } + +@test "server/PSP-Role: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-psp-role.yaml \ + --set 'global.psp.enable=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-psp-role.yaml \ + --set 'global.psp.enable=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} \ No newline at end of file diff --git a/test/unit/server-psp-rolebinding.bats b/test/unit/server-psp-rolebinding.bats index 4171219f6..d0cf1477c 100644 --- a/test/unit/server-psp-rolebinding.bats +++ b/test/unit/server-psp-rolebinding.bats @@ -109,3 +109,22 @@ load _helpers yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "false" ] } + +@test "server/PSP-RoleBinding: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-psp-rolebinding.yaml \ + --set 'global.psp.enable=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-psp-rolebinding.yaml \ + --set 'global.psp.enable=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} \ No newline at end of file diff --git a/test/unit/server-route.bats b/test/unit/server-route.bats index 51b1a3021..53150bba9 100755 --- a/test/unit/server-route.bats +++ b/test/unit/server-route.bats @@ -24,6 +24,27 @@ load _helpers [ "${actual}" = "false" ] } +@test "server/route: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-route.yaml \ + --set 'global.openshift=true' \ + --set 'server.route.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-route.yaml \ + --set 'global.openshift=true' \ + --set 'server.route.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "server/route: OpenShift - checking host entry gets added and path is /" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/server-service.bats b/test/unit/server-service.bats index 70a544598..03db4a7d0 100755 --- a/test/unit/server-service.bats +++ b/test/unit/server-service.bats @@ -113,6 +113,25 @@ load _helpers [ "${actual}" = "false" ] } +@test "server/Service: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-service.yaml \ + --set 'server.service.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-service.yaml \ + --set 'server.service.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "server/Service: disable with injector.externalVaultAddr" { cd `chart_dir` local actual=$( (helm template \ diff --git a/test/unit/server-serviceaccount.bats b/test/unit/server-serviceaccount.bats index 2c826032e..a8edc6b2b 100755 --- a/test/unit/server-serviceaccount.bats +++ b/test/unit/server-serviceaccount.bats @@ -30,6 +30,25 @@ load _helpers } +@test "server/ServiceAccount: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-serviceaccount.yaml \ + --set 'server.serviceAccount.create=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-serviceaccount.yaml \ + --set 'server.serviceAccount.create=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "server/ServiceAccount: specify annotations" { cd `chart_dir` local actual=$(helm template \ diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats index 67cde811b..9f8a88a19 100755 --- a/test/unit/server-statefulset.bats +++ b/test/unit/server-statefulset.bats @@ -78,6 +78,25 @@ load _helpers [ "${actual}" = "false" ] } +@test "server/standalone-StatefulSet: namespace" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "foo" ] + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'namespaceOverride=bar' \ + --namespace foo \ + . | tee /dev/stderr | + yq -r '.metadata.namespace' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} + @test "server/standalone-StatefulSet: image defaults to server.image.repository:tag" { cd `chart_dir` local actual=$(helm template \ diff --git a/values.schema.json b/values.schema.json index ecb97dece..a82f7552d 100644 --- a/values.schema.json +++ b/values.schema.json @@ -2,6 +2,9 @@ "$schema": "http://json-schema.org/schema#", "type": "object", "properties": { + "namespaceOverride": { + "type": "string" + }, "csi": { "type": "object", "properties": { diff --git a/values.yaml b/values.yaml index 15852c896..9009cb2a6 100644 --- a/values.yaml +++ b/values.yaml @@ -3,6 +3,10 @@ # Available parameters and their default values for the Vault chart. +# Allows to specify namespace other than Release.Namespace +# If empty, default namespace would be Release.Namespace +namespaceOverride: "" + global: # enabled is the master enabled switch. Setting this to true or false # will enable or disable all the components within this chart by default. From afa6ee3605f052cf3f4f35f591454b0761ab5472 Mon Sep 17 00:00:00 2001 From: KhizerJaan Date: Mon, 26 Jun 2023 21:57:15 +0500 Subject: [PATCH 3/7] updates nemspaceOverride to namespace --- CHANGELOG.md | 2 +- templates/_helpers.tpl | 2 +- test/unit/csi-agent-configmap.bats | 2 +- test/unit/csi-clusterrolebinding.bats | 2 +- test/unit/csi-daemonset.bats | 2 +- test/unit/csi-role.bats | 2 +- test/unit/csi-rolebinding.bats | 2 +- test/unit/csi-serviceaccount.bats | 2 +- test/unit/injector-clusterrolebinding.bats | 2 +- test/unit/injector-deployment.bats | 2 +- test/unit/injector-disruptionbudget.bats | 2 +- test/unit/injector-leader-elector.bats | 27 +++------------------ test/unit/injector-mutating-webhook.bats | 9 +------ test/unit/injector-psp-role.bats | 2 +- test/unit/injector-psp-rolebinding.bats | 2 +- test/unit/injector-service.bats | 2 +- test/unit/injector-serviceaccount.bats | 2 +- test/unit/server-clusterrolebinding.bats | 2 +- test/unit/server-configmap.bats | 2 +- test/unit/server-discovery-role.bats | 2 +- test/unit/server-discovery-rolebinding.bats | 2 +- test/unit/server-ha-active-service.bats | 2 +- test/unit/server-ha-disruptionbudget.bats | 2 +- test/unit/server-ha-standby-service.bats | 2 +- test/unit/server-headless-service.bats | 2 +- test/unit/server-ingress.bats | 2 +- test/unit/server-psp-role.bats | 2 +- test/unit/server-psp-rolebinding.bats | 2 +- test/unit/server-route.bats | 2 +- test/unit/server-service.bats | 2 +- test/unit/server-serviceaccount.bats | 2 +- test/unit/server-statefulset.bats | 2 +- values.schema.json | 6 ++--- values.yaml | 6 ++--- 34 files changed, 40 insertions(+), 68 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 856dfb31e..07b783538 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -48,7 +48,7 @@ Bugs: Improvements: * injector: Add `ephemeralLimit` and `ephemeralRequest` as options for configuring Agent's ephemeral storage resources [GH-798](https://github.com/hashicorp/vault-helm/pull/798) -* Add `namespaceOverride` to specify namespace from values or command line. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) +* global: Add `global.namespace` to override the helm installation namespace. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) ## 0.22.1 (October 26th, 2022) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 63e27fc1e..d796ab57d 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -40,7 +40,7 @@ Expand the name of the chart. Allow the release namespace to be overridden */}} {{- define "vault.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride -}} +{{- default .Release.Namespace .Values.global.namespace -}} {{- end -}} {{/* diff --git a/test/unit/csi-agent-configmap.bats b/test/unit/csi-agent-configmap.bats index 3afda95cc..515e4c84e 100644 --- a/test/unit/csi-agent-configmap.bats +++ b/test/unit/csi-agent-configmap.bats @@ -33,7 +33,7 @@ load _helpers local actual=$(helm template \ --show-only templates/csi-agent-configmap.yaml \ --set "csi.enabled=true" \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/csi-clusterrolebinding.bats b/test/unit/csi-clusterrolebinding.bats index 22e862960..6490d2c0d 100644 --- a/test/unit/csi-clusterrolebinding.bats +++ b/test/unit/csi-clusterrolebinding.bats @@ -56,7 +56,7 @@ load _helpers local actual=$(helm template \ --show-only templates/csi-clusterrolebinding.yaml \ --set "csi.enabled=true" \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.subjects[0].namespace' | tee /dev/stderr) diff --git a/test/unit/csi-daemonset.bats b/test/unit/csi-daemonset.bats index 6e56b5c85..d3d4221e5 100644 --- a/test/unit/csi-daemonset.bats +++ b/test/unit/csi-daemonset.bats @@ -43,7 +43,7 @@ load _helpers local actual=$(helm template \ --show-only templates/csi-daemonset.yaml \ --set "csi.enabled=true" \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/csi-role.bats b/test/unit/csi-role.bats index 5e639f4b4..88f7d0590 100644 --- a/test/unit/csi-role.bats +++ b/test/unit/csi-role.bats @@ -39,7 +39,7 @@ load _helpers local actual=$(helm template \ --show-only templates/csi-role.yaml \ --set "csi.enabled=true" \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/csi-rolebinding.bats b/test/unit/csi-rolebinding.bats index 872fed3a4..dc4a1afdd 100644 --- a/test/unit/csi-rolebinding.bats +++ b/test/unit/csi-rolebinding.bats @@ -33,7 +33,7 @@ load _helpers local actual=$(helm template \ --show-only templates/csi-rolebinding.yaml \ --set "csi.enabled=true" \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/csi-serviceaccount.bats b/test/unit/csi-serviceaccount.bats index f75eded23..aa89749be 100644 --- a/test/unit/csi-serviceaccount.bats +++ b/test/unit/csi-serviceaccount.bats @@ -45,7 +45,7 @@ load _helpers local actual=$(helm template \ --show-only templates/csi-serviceaccount.yaml \ --set "csi.enabled=true" \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/injector-clusterrolebinding.bats b/test/unit/injector-clusterrolebinding.bats index 597b3a7dd..e997ebd6b 100755 --- a/test/unit/injector-clusterrolebinding.bats +++ b/test/unit/injector-clusterrolebinding.bats @@ -33,7 +33,7 @@ load _helpers local actual=$(helm template \ --show-only templates/injector-clusterrolebinding.yaml \ --set "injector.enabled=true" \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.subjects[0].namespace' | tee /dev/stderr) diff --git a/test/unit/injector-deployment.bats b/test/unit/injector-deployment.bats index 9816d5dfd..7b2bb5ae9 100755 --- a/test/unit/injector-deployment.bats +++ b/test/unit/injector-deployment.bats @@ -54,7 +54,7 @@ load _helpers local actual=$(helm template \ --show-only templates/injector-deployment.yaml \ --set 'injector.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/injector-disruptionbudget.bats b/test/unit/injector-disruptionbudget.bats index 9f2d64a23..4ce55157f 100755 --- a/test/unit/injector-disruptionbudget.bats +++ b/test/unit/injector-disruptionbudget.bats @@ -23,7 +23,7 @@ load _helpers local actual=$(helm template \ --show-only templates/injector-disruptionbudget.yaml \ --set 'injector.podDisruptionBudget.minAvailable=2' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/injector-leader-elector.bats b/test/unit/injector-leader-elector.bats index b2ac9eedd..37166baca 100644 --- a/test/unit/injector-leader-elector.bats +++ b/test/unit/injector-leader-elector.bats @@ -99,14 +99,7 @@ load _helpers local actual=$( (helm template \ --show-only templates/injector-certs-secret.yaml \ --set "injector.replicas=2" \ - --namespace foo \ - . || echo "---") | tee /dev/stderr | - yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "foo" ] - local actual=$( (helm template \ - --show-only templates/injector-certs-secret.yaml \ - --set "injector.replicas=2" \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) @@ -165,14 +158,7 @@ load _helpers local actual=$( (helm template \ --show-only templates/injector-role.yaml \ --set "injector.replicas=2" \ - --namespace foo \ - . || echo "---") | tee /dev/stderr | - yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "foo" ] - local actual=$( (helm template \ - --show-only templates/injector-role.yaml \ - --set "injector.replicas=2" \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) @@ -231,14 +217,7 @@ load _helpers local actual=$( (helm template \ --show-only templates/injector-rolebinding.yaml \ --set "injector.replicas=2" \ - --namespace foo \ - . || echo "---") | tee /dev/stderr | - yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "foo" ] - local actual=$( (helm template \ - --show-only templates/injector-rolebinding.yaml \ - --set "injector.replicas=2" \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/injector-mutating-webhook.bats b/test/unit/injector-mutating-webhook.bats index c613e3aec..479ef37b8 100755 --- a/test/unit/injector-mutating-webhook.bats +++ b/test/unit/injector-mutating-webhook.bats @@ -43,14 +43,7 @@ load _helpers local actual=$(helm template \ --show-only templates/injector-mutating-webhook.yaml \ --set 'injector.enabled=true' \ - --namespace foo \ - . | tee /dev/stderr | - yq '.webhooks[0].clientConfig.service.namespace' | tee /dev/stderr) - [ "${actual}" = "foo" ] - local actual=$(helm template \ - --show-only templates/injector-mutating-webhook.yaml \ - --set 'injector.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq '.webhooks[0].clientConfig.service.namespace' | tee /dev/stderr) diff --git a/test/unit/injector-psp-role.bats b/test/unit/injector-psp-role.bats index 8f8beca17..3dda504c2 100644 --- a/test/unit/injector-psp-role.bats +++ b/test/unit/injector-psp-role.bats @@ -48,7 +48,7 @@ load _helpers --show-only templates/injector-psp-role.yaml \ --set 'injector.enabled=true' \ --set 'global.psp.enable=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/injector-psp-rolebinding.bats b/test/unit/injector-psp-rolebinding.bats index 024eaba15..62afe7b50 100644 --- a/test/unit/injector-psp-rolebinding.bats +++ b/test/unit/injector-psp-rolebinding.bats @@ -48,7 +48,7 @@ load _helpers --show-only templates/injector-psp-rolebinding.yaml \ --set 'injector.enabled=true' \ --set 'global.psp.enable=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/injector-service.bats b/test/unit/injector-service.bats index 3d4f384cd..b5eea4960 100755 --- a/test/unit/injector-service.bats +++ b/test/unit/injector-service.bats @@ -28,7 +28,7 @@ load _helpers [ "${actual}" = "foo" ] local actual=$(helm template \ --show-only templates/injector-service.yaml \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/injector-serviceaccount.bats b/test/unit/injector-serviceaccount.bats index f6033f72b..f7ba319ba 100755 --- a/test/unit/injector-serviceaccount.bats +++ b/test/unit/injector-serviceaccount.bats @@ -31,7 +31,7 @@ load _helpers [ "${actual}" = "foo" ] local actual=$(helm template \ --show-only templates/injector-serviceaccount.yaml \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-clusterrolebinding.bats b/test/unit/server-clusterrolebinding.bats index 1876edc29..d80f05f3d 100755 --- a/test/unit/server-clusterrolebinding.bats +++ b/test/unit/server-clusterrolebinding.bats @@ -82,7 +82,7 @@ load _helpers [ "${actual}" = "foo" ] local actual=$(helm template \ --show-only templates/server-clusterrolebinding.yaml \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.subjects[0].namespace' | tee /dev/stderr) diff --git a/test/unit/server-configmap.bats b/test/unit/server-configmap.bats index ad4e4d548..eea7e7008 100755 --- a/test/unit/server-configmap.bats +++ b/test/unit/server-configmap.bats @@ -85,7 +85,7 @@ load _helpers [ "${actual}" = "foo" ] local actual=$(helm template \ --show-only templates/server-config-configmap.yaml \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-discovery-role.bats b/test/unit/server-discovery-role.bats index d62caa529..f17dcf44d 100755 --- a/test/unit/server-discovery-role.bats +++ b/test/unit/server-discovery-role.bats @@ -52,7 +52,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-discovery-role.yaml \ --set 'server.ha.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-discovery-rolebinding.bats b/test/unit/server-discovery-rolebinding.bats index eb786e4f9..83e8defd1 100755 --- a/test/unit/server-discovery-rolebinding.bats +++ b/test/unit/server-discovery-rolebinding.bats @@ -52,7 +52,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-discovery-rolebinding.yaml \ --set 'server.ha.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-ha-active-service.bats b/test/unit/server-ha-active-service.bats index 716d92010..b7e2ec5f2 100755 --- a/test/unit/server-ha-active-service.bats +++ b/test/unit/server-ha-active-service.bats @@ -59,7 +59,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-active-service.yaml \ --set 'server.ha.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-ha-disruptionbudget.bats b/test/unit/server-ha-disruptionbudget.bats index 7547b8d22..4daff30e6 100755 --- a/test/unit/server-ha-disruptionbudget.bats +++ b/test/unit/server-ha-disruptionbudget.bats @@ -65,7 +65,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-disruptionbudget.yaml \ --set 'server.ha.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-ha-standby-service.bats b/test/unit/server-ha-standby-service.bats index 4aa56b338..5f2654e44 100755 --- a/test/unit/server-ha-standby-service.bats +++ b/test/unit/server-ha-standby-service.bats @@ -70,7 +70,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-standby-service.yaml \ --set 'server.ha.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-headless-service.bats b/test/unit/server-headless-service.bats index ab4afd568..8a1f52fe8 100644 --- a/test/unit/server-headless-service.bats +++ b/test/unit/server-headless-service.bats @@ -48,7 +48,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-headless-service.yaml \ --set 'server.ha.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-ingress.bats b/test/unit/server-ingress.bats index b4f7e8d57..90ed0a26c 100755 --- a/test/unit/server-ingress.bats +++ b/test/unit/server-ingress.bats @@ -23,7 +23,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ingress.yaml \ --set 'server.ingress.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-psp-role.bats b/test/unit/server-psp-role.bats index 6051ec23e..28239b05e 100644 --- a/test/unit/server-psp-role.bats +++ b/test/unit/server-psp-role.bats @@ -122,7 +122,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-psp-role.yaml \ --set 'global.psp.enable=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-psp-rolebinding.bats b/test/unit/server-psp-rolebinding.bats index d0cf1477c..4a4bae385 100644 --- a/test/unit/server-psp-rolebinding.bats +++ b/test/unit/server-psp-rolebinding.bats @@ -122,7 +122,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-psp-rolebinding.yaml \ --set 'global.psp.enable=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-route.bats b/test/unit/server-route.bats index 53150bba9..a1716fbed 100755 --- a/test/unit/server-route.bats +++ b/test/unit/server-route.bats @@ -38,7 +38,7 @@ load _helpers --show-only templates/server-route.yaml \ --set 'global.openshift=true' \ --set 'server.route.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-service.bats b/test/unit/server-service.bats index 03db4a7d0..b84e5b1d0 100755 --- a/test/unit/server-service.bats +++ b/test/unit/server-service.bats @@ -125,7 +125,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-service.yaml \ --set 'server.service.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-serviceaccount.bats b/test/unit/server-serviceaccount.bats index a8edc6b2b..9a688a9ea 100755 --- a/test/unit/server-serviceaccount.bats +++ b/test/unit/server-serviceaccount.bats @@ -42,7 +42,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-serviceaccount.yaml \ --set 'server.serviceAccount.create=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats index 9f8a88a19..7dc01f584 100755 --- a/test/unit/server-statefulset.bats +++ b/test/unit/server-statefulset.bats @@ -90,7 +90,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-statefulset.yaml \ --set 'server.standalone.enabled=true' \ - --set 'namespaceOverride=bar' \ + --set 'global.namespace=bar' \ --namespace foo \ . | tee /dev/stderr | yq -r '.metadata.namespace' | tee /dev/stderr) diff --git a/values.schema.json b/values.schema.json index a82f7552d..2aefb06d0 100644 --- a/values.schema.json +++ b/values.schema.json @@ -2,9 +2,6 @@ "$schema": "http://json-schema.org/schema#", "type": "object", "properties": { - "namespaceOverride": { - "type": "string" - }, "csi": { "type": "object", "properties": { @@ -231,6 +228,9 @@ "enabled": { "type": "boolean" }, + "namespace": { + "type": "string" + }, "externalVaultAddr": { "type": "string" }, diff --git a/values.yaml b/values.yaml index 9009cb2a6..6795eeaf0 100644 --- a/values.yaml +++ b/values.yaml @@ -3,15 +3,15 @@ # Available parameters and their default values for the Vault chart. -# Allows to specify namespace other than Release.Namespace -# If empty, default namespace would be Release.Namespace -namespaceOverride: "" global: # enabled is the master enabled switch. Setting this to true or false # will enable or disable all the components within this chart by default. enabled: true + # The namespace to deploy to. Defaults to the `helm` installation namespace. + namespace: "" + # Image pull secret to use for registry authentication. # Alternatively, the value may be specified as an array of strings. imagePullSecrets: [] From 725034fd035d0796ad85377d655d75cf30e1147d Mon Sep 17 00:00:00 2001 From: KhizerJaan Date: Wed, 28 Jun 2023 21:03:47 +0500 Subject: [PATCH 4/7] Updates Bugs and Improvements to Unreleased --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 07b783538..1f2465c64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,10 @@ Features: Bugs: * server: Set the default for `prometheusRules.rules` to an empty list [GH-886](https://github.com/hashicorp/vault-helm/pull/886) +* csi: Add namespace field to `csi-role` and `csi-rolebindings`. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) + +Improvements: +* global: Add `global.namespace` to override the helm installation namespace. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) ## 0.24.1 (April 17, 2023) @@ -44,11 +48,9 @@ Features: Bugs: * server: Quote `.server.ha.clusterAddr` value [GH-810](https://github.com/hashicorp/vault-helm/pull/810) -* csi: Add namespace field to `csi-role` and `csi-rolebindings`. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) Improvements: * injector: Add `ephemeralLimit` and `ephemeralRequest` as options for configuring Agent's ephemeral storage resources [GH-798](https://github.com/hashicorp/vault-helm/pull/798) -* global: Add `global.namespace` to override the helm installation namespace. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) ## 0.22.1 (October 26th, 2022) From 7c38bb248481b95f80547fe5e6a88b221c0e6e5c Mon Sep 17 00:00:00 2001 From: KhizerJaan <73934880+KhizerJaan@users.noreply.github.com> Date: Thu, 29 Jun 2023 00:44:04 +0500 Subject: [PATCH 5/7] Update values.yaml Co-authored-by: Tom Proctor --- values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/values.yaml b/values.yaml index 6795eeaf0..39ddec394 100644 --- a/values.yaml +++ b/values.yaml @@ -3,7 +3,6 @@ # Available parameters and their default values for the Vault chart. - global: # enabled is the master enabled switch. Setting this to true or false # will enable or disable all the components within this chart by default. From fc12280f1d8781fac4765e15a98bdd573eac3cda Mon Sep 17 00:00:00 2001 From: Tom Proctor Date: Tue, 4 Jul 2023 10:03:58 +0100 Subject: [PATCH 6/7] Fix changelog note position --- CHANGELOG.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79b4684a8..3e59adea4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ ## Unreleased +Bugs: +* csi: Add namespace field to `csi-role` and `csi-rolebindings`. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) + +Improvements: +* global: Add `global.namespace` to override the helm installation namespace. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) + ## 0.25.0 (June 26, 2023) Changes: @@ -15,10 +21,6 @@ Improvements: Bugs: * server: Set the default for `prometheusRules.rules` to an empty list [GH-886](https://github.com/hashicorp/vault-helm/pull/886) -* csi: Add namespace field to `csi-role` and `csi-rolebindings`. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) - -Improvements: -* global: Add `global.namespace` to override the helm installation namespace. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) ## 0.24.1 (April 17, 2023) From 52b26630f06438ac021b53e4d9199c71ed194ae4 Mon Sep 17 00:00:00 2001 From: KhizerJaan Date: Tue, 4 Jul 2023 15:43:00 +0500 Subject: [PATCH 7/7] escapes special characters --- test/unit/injector-leader-elector.bats | 12 ++++++------ test/unit/injector-mutating-webhook.bats | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/test/unit/injector-leader-elector.bats b/test/unit/injector-leader-elector.bats index 37166baca..e72354a9f 100644 --- a/test/unit/injector-leader-elector.bats +++ b/test/unit/injector-leader-elector.bats @@ -95,7 +95,7 @@ load _helpers --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "foo" ] + [ "${actual}" = "\"foo\"" ] local actual=$( (helm template \ --show-only templates/injector-certs-secret.yaml \ --set "injector.replicas=2" \ @@ -103,7 +103,7 @@ load _helpers --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "bar" ] + [ "${actual}" = "\"bar\"" ] } @test "injector/role: created/skipped as appropriate" { @@ -154,7 +154,7 @@ load _helpers --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "foo" ] + [ "${actual}" = "\"foo\"" ] local actual=$( (helm template \ --show-only templates/injector-role.yaml \ --set "injector.replicas=2" \ @@ -162,7 +162,7 @@ load _helpers --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "bar" ] + [ "${actual}" = "\"bar\"" ] } @test "injector/rolebinding: created/skipped as appropriate" { @@ -213,7 +213,7 @@ load _helpers --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "foo" ] + [ "${actual}" = "\"foo\"" ] local actual=$( (helm template \ --show-only templates/injector-rolebinding.yaml \ --set "injector.replicas=2" \ @@ -221,5 +221,5 @@ load _helpers --namespace foo \ . || echo "---") | tee /dev/stderr | yq '.metadata.namespace' | tee /dev/stderr) - [ "${actual}" = "bar" ] + [ "${actual}" = "\"bar\"" ] } diff --git a/test/unit/injector-mutating-webhook.bats b/test/unit/injector-mutating-webhook.bats index 479ef37b8..fcf4e7b4a 100755 --- a/test/unit/injector-mutating-webhook.bats +++ b/test/unit/injector-mutating-webhook.bats @@ -39,7 +39,7 @@ load _helpers --namespace foo \ . | tee /dev/stderr | yq '.webhooks[0].clientConfig.service.namespace' | tee /dev/stderr) - [ "${actual}" = "foo" ] + [ "${actual}" = "\"foo\"" ] local actual=$(helm template \ --show-only templates/injector-mutating-webhook.yaml \ --set 'injector.enabled=true' \ @@ -47,7 +47,7 @@ load _helpers --namespace foo \ . | tee /dev/stderr | yq '.webhooks[0].clientConfig.service.namespace' | tee /dev/stderr) - [ "${actual}" = "bar" ] + [ "${actual}" = "\"bar\"" ] } @test "injector/MutatingWebhookConfiguration: caBundle is empty string" {