From 86f8e758f23dfcda38b025593f311ef2fdadce6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Zimmermann?= <101292599+ekneg54@users.noreply.github.com> Date: Thu, 15 Aug 2024 09:31:55 +0200 Subject: [PATCH] remove redundant charts features (#647) * remove unused charts features * update changelog * update chart version --- CHANGELOG.md | 4 +- charts/logprep/Chart.yaml | 2 +- charts/logprep/templates/deployment.yaml | 14 -- charts/logprep/values.yaml | 11 +- tests/unit/charts/test_deployment.py | 157 ----------------------- 5 files changed, 6 insertions(+), 182 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 547431bbb..65cd3e038 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,9 +3,11 @@ ## next release ### Breaking ### Features -### Improvenets +### Improvements ### Bugfix +* remove redundant chart features for mounting secrets + ## 13.0.1 ### Improvements diff --git a/charts/logprep/Chart.yaml b/charts/logprep/Chart.yaml index 78170e7df..145a5771d 100644 --- a/charts/logprep/Chart.yaml +++ b/charts/logprep/Chart.yaml @@ -6,7 +6,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "13.2.2" +version: "13.2.3" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/logprep/templates/deployment.yaml b/charts/logprep/templates/deployment.yaml index c47a4d632..0df9e711d 100644 --- a/charts/logprep/templates/deployment.yaml +++ b/charts/logprep/templates/deployment.yaml 
@@ -103,13 +103,6 @@ spec: - name: output-config mountPath: /home/logprep/output-config.yaml subPath: output-config.yaml - {{- range $key, $value := .Values.secrets }} - {{ if ne $key "imagePullSecret" }} - - name: {{ lower $key }} - mountPath: /home/logprep/{{ lower $key }}/{{ lower $value.name }} - subPath: {{ $value.name }} - {{ end }} - {{- end }} {{- if .Values.extraMounts }} {{- toYaml .Values.extraMounts | nindent 12 }} {{- end }} @@ -179,13 +172,6 @@ spec: configMap: name: {{ include "logprep.fullname" . }}-artifacts {{- end }} - {{- range $key, $value := .Values.secrets }} - {{- if ne $key "imagePullSecret" }} - - name: {{ lower $key }} - secret: - secretName: {{ $value.name }} - {{- end }} - {{- end }} {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} diff --git a/charts/logprep/values.yaml b/charts/logprep/values.yaml index 3a12a402a..011405993 100644 --- a/charts/logprep/values.yaml +++ b/charts/logprep/values.yaml @@ -26,16 +26,9 @@ securityContext: runAsUser: 1000 readOnlyRootFilesystem: true -# Optional secrets that will be mounted into the pod -# Listed secrets are handled specially by the logprep deployment. -# Additional secrets will be mounted as usual. -# The key is the folder under /home/logprep and the value.name -# (which is the name of the external secret) will be the name of the mounted file. +# the image pull secret to use for the deployment +# to mount extra secrets into the pod, use the extraVolumes and extraMounts fields # secrets: -# certificates: -# name: ca-cert # Name of the secret containing the ca certificate (or chain) in one data block -# credentials: -# name: logprep-credentials # Name of the secret containing the logprep credentials file # imagePullSecret: # name: logprep-image-pull-secret # Name of the secret containing the image pull secret secrets: {} diff --git a/tests/unit/charts/test_deployment.py b/tests/unit/charts/test_deployment.py index 5c8092d37..e004fff25 100644 
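Review bot: The new values.yaml comment presents `secrets` as holding only `imagePullSecret`, yet the tests kept as context in the test_deployment.py hunks (`test_certificates_env`, `test_credentials_env`) still render the chart with `secrets.certificates` and `secrets.credentials` and require `REQUESTS_CA_BUNDLE` and `LOGPREP_CREDENTIALS_FILE` to be present. The env block of deployment.yaml is outside these hunks, but if it still derives those paths from `.Values.secrets`, the variables now point at files the chart no longer mounts, so CA verification and credential loading depend on the operator adding a matching `extraVolumes`/`extraMounts` entry. I would either say so in the comment, e.g. `# secrets.certificates / secrets.credentials only set the env vars; mount the files via extraVolumes and extraMounts`, or drop those keys together with the mounts. Releases that already set these keys lose their secret volumes on upgrade, so the changelog entry reads more like "Breaking" than "Bugfix" and a patch-level chart bump understates it.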
--- a/tests/unit/charts/test_deployment.py +++ b/tests/unit/charts/test_deployment.py @@ -50,40 +50,6 @@ def test_temp_directory(self): assert mount["mountPath"] == "/tmp" assert mount["name"] == "logprep-temp" - @pytest.mark.parametrize( - "logprep_values, expected", - [ - ({}, False), - ({"secrets": {"certificates": {"name": "custom-certs"}}}, True), - ], - ) - def test_deployment_certificates(self, logprep_values, expected): - self.manifests = self.render_chart("logprep", logprep_values) - volumes = self.deployment["spec.template.spec.volumes"] - mounts = self.deployment["spec.template.spec.containers.0.volumeMounts"] - env = self.deployment["spec.template.spec.containers.0.env"] - - for volume in volumes: - if volume["name"] == "certificates": - assert expected - break - else: - assert not expected, "certificates volume not found" - - for mount in mounts: - if mount["name"] == "certificates": - assert expected - break - else: - assert not expected, "certificates mount not found" - - for variable in env: - if variable["name"] == "REQUESTS_CA_BUNDLE": - assert expected - break - else: - assert not expected, "REQUESTS_CA_BUNDLE env not found" - def test_certificates_env(self): self.manifests = self.render_chart( "logprep", {"secrets": {"certificates": {"name": "custom-certs"}}} 
@@ -96,91 +62,6 @@ def test_certificates_env(self): else: assert False, "REQUESTS_CA_BUNDLE not found" - def test_certificates_volume(self): - self.manifests = self.render_chart( - "logprep", {"secrets": {"certificates": {"name": "custom-certs"}}} - ) - volumes = self.deployment["spec.template.spec.volumes"] - for volume in volumes: - if volume["name"] == "certificates": - assert volume["secret"]["secretName"] == "custom-certs" - break - else: - assert False, "certificates volume not found" - - def test_certificates_volume_mount(self): - self.manifests = self.render_chart( - "logprep", {"secrets": {"certificates": {"name": "custom-certs"}}} - ) - mounts = self.deployment["spec.template.spec.containers.0.volumeMounts"] - for mount in mounts: - if mount["name"] == "certificates": - assert mount["mountPath"].endswith("custom-certs") - break - else: - assert False, "certificates mount not found" - - @pytest.mark.parametrize( - "logprep_values, expected", - [ - ({}, False), - ({"secrets": {"logprep-secret": {"name": "my-secret"}}}, True), - ({"secrets": {"LoGpReP-Secret": {"name": "my-not-lowercase-secret"}}}, True), - ], - ) - def test_secret_deployment(self, logprep_values, expected): - self.manifests = self.render_chart("logprep", logprep_values) - volumes = self.deployment["spec.template.spec.volumes"] - mounts = self.deployment["spec.template.spec.containers.0.volumeMounts"] - - for volume in volumes: - if volume["name"] == "logprep-secret": - assert expected - break - else: - assert not expected, "secret volume not found" - - for mount in mounts: - if mount["name"] == "logprep-secret": - assert expected - break - else: - assert not expected, "secret mount not found" - - @pytest.mark.parametrize( - "logprep_values, expected", - [ - ({}, False), - ({"secrets": {"credentials": {"name": "my-creds"}}}, True), - ], - ) - def test_deployment_credentials(self, logprep_values, expected): - self.manifests = self.render_chart("logprep", logprep_values) - volumes = 
self.deployment["spec.template.spec.volumes"] - mounts = self.deployment["spec.template.spec.containers.0.volumeMounts"] - env = self.deployment["spec.template.spec.containers.0.env"] - - for volume in volumes: - if volume["name"] == "credentials": - assert expected - break - else: - assert not expected, "credentials volume not found" - - for mount in mounts: - if mount["name"] == "credentials": - assert expected - break - else: - assert not expected, "credentials mount not found" - - for variable in env: - if variable["name"] == "LOGPREP_CREDENTIALS_FILE": - assert expected - break - else: - assert not expected, "LOGPREP_CREDENTIALS_FILE not found" - def test_credentials_env(self): self.manifests = self.render_chart( "logprep", {"secrets": {"credentials": {"name": "my-creds"}}} @@ -193,30 +74,6 @@ def test_credentials_env(self): else: assert False, "LOGPREP_CREDENTIALS_FILE not found" - def test_credentials_volume(self): - self.manifests = self.render_chart( - "logprep", {"secrets": {"Credentials": {"name": "my-creds"}}} - ) - volumes = self.deployment["spec.template.spec.volumes"] - for volume in volumes: - if volume["name"] == "credentials": - assert volume["secret"]["secretName"] == "my-creds" - break - else: - assert False, "credentials volume not found" - - def test_credentials_volume_mount(self): - self.manifests = self.render_chart( - "logprep", {"secrets": {"credentials": {"name": "my-creds"}}} - ) - mounts = self.deployment["spec.template.spec.containers.0.volumeMounts"] - for mount in mounts: - if mount["name"] == "credentials": - assert mount["mountPath"].endswith("my-creds"), mount["mountPath"] - break - else: - assert False, "credentials mount not found" - def test_security_context(self): assert self.deployment["spec.template.spec.securityContext"] security_context = self.deployment["spec.template.spec.securityContext"] 
@@ -392,20 +249,6 @@ def test_artifacts_volume_not_populated_if_not_defined(self): artifacts_volume = [volume for volume in volumes if volume["name"] == "artifacts"] assert len(artifacts_volume) == 0 - def test_extra_secrets_volumes_are_populated(self): - logprep_values = {"secrets": {"mysecret": {"name": "external-secret"}}} - self.manifests = self.render_chart("logprep", logprep_values) - volumes = self.deployment["spec.template.spec.volumes"] - volume = [volume for volume in volumes if volume["name"] == "mysecret"] - assert volume - - def test_extra_secrets_are_mounted(self): - logprep_values = {"secrets": {"mysecret": {"name": "external-secret"}}} - self.manifests = self.render_chart("logprep", logprep_values) - mounts = self.deployment["spec.template.spec.containers.0.volumeMounts"] - mount = [mount for mount in mounts if mount["name"] == "mysecret"] - assert mount - def test_environment_variables_are_populated(self): logprep_values = { "environment": [