Updating open-appsec helm charts

2025-09-30 03:34:26 +03:00 · 2023-12-27 17:06:44 +02:00
parent 12da9547dd
commit 4f58819eaf
160 changed files with 2028 additions and 899 deletions
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-configmap-addheaders_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-configmap-addheaders_test.yaml
@@ -0,0 +1,27 @@
+suite: Controller > ConfigMap > Add Headers
+templates:
+  - controller-configmap-addheaders.yaml
+
+tests:
+  - it: should not create a ConfigMap if `controller.addHeaders` is not set
+    set:
+      controller.addHeaders: null
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create a ConfigMap if `controller.addHeaders` is set
+    set:
+      controller.addHeaders:
+        X-Another-Custom-Header: Value
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: ConfigMap
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-custom-add-headers
+      - equal:
+          path: data.X-Another-Custom-Header
+          value: Value
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-configmap-proxyheaders_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-configmap-proxyheaders_test.yaml
@@ -0,0 +1,27 @@
+suite: Controller > ConfigMap > Proxy Headers
+templates:
+  - controller-configmap-proxyheaders.yaml
+
+tests:
+  - it: should not create a ConfigMap if `controller.proxySetHeaders` is not set
+    set:
+      controller.proxySetHeaders: null
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create a ConfigMap if `controller.proxySetHeaders` is set
+    set:
+      controller.proxySetHeaders:
+        X-Custom-Header: Value
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: ConfigMap
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-custom-proxy-headers
+      - equal:
+          path: data.X-Custom-Header
+          value: Value
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-configmap_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-configmap_test.yaml
@@ -0,0 +1,14 @@
+suite: Controller > ConfigMap
+templates:
+  - controller-configmap.yaml
+
+tests:
+  - it: should create a ConfigMap
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: ConfigMap
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-daemonset_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-daemonset_test.yaml
@@ -0,0 +1,16 @@
+suite: Controller > DaemonSet
+templates:
+  - controller-daemonset.yaml
+
+tests:
+  - it: should create a DaemonSet if `controller.kind` is "DaemonSet"
+    set:
+      controller.kind: DaemonSet
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: DaemonSet
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-deployment_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-deployment_test.yaml
@@ -0,0 +1,34 @@
+suite: Controller > Deployment
+templates:
+  - controller-deployment.yaml
+
+tests:
+  - it: should create a Deployment
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Deployment
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller
+
+  - it: should create a Deployment with 3 replicas if `controller.replicaCount` is 3
+    set:
+      controller.replicaCount: 3
+    asserts:
+      - equal:
+          path: spec.replicas
+          value: 3
+
+  - it: should create a Deployment with resource limits if `controller.resources.limits` is set
+    set:
+      controller.resources.limits.cpu: 500m
+      controller.resources.limits.memory: 512Mi
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].resources.limits.cpu
+          value: 500m
+      - equal:
+          path: spec.template.spec.containers[0].resources.limits.memory
+          value: 512Mi
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-hpa_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-hpa_test.yaml
@@ -0,0 +1,17 @@
+suite: Controller > HPA
+templates:
+  - controller-hpa.yaml
+
+tests:
+  - it: should create a HPA if `controller.kind` is "Deployment" and `controller.autoscaling.enabled` is true
+    set:
+      controller.kind: Deployment
+      controller.autoscaling.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: HorizontalPodAutoscaler
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-keda_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-keda_test.yaml
@@ -0,0 +1,17 @@
+suite: Controller > KEDA
+templates:
+  - controller-keda.yaml
+
+tests:
+  - it: should create a ScaledObject if `controller.kind` is "Deployment" and `controller.keda.enabled` is true
+    set:
+      controller.kind: Deployment
+      controller.keda.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: ScaledObject
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-networkpolicy_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-networkpolicy_test.yaml
@@ -0,0 +1,23 @@
+suite: Controller > NetworkPolicy
+templates:
+  - controller-networkpolicy.yaml
+
+tests:
+  - it: should not create a NetworkPolicy if `controller.networkPolicy.enabled` is false
+    set:
+      controller.networkPolicy.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create a NetworkPolicy if `controller.networkPolicy.enabled` is true
+    set:
+      controller.networkPolicy.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: NetworkPolicy
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-service-internal_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-service-internal_test.yaml
@@ -0,0 +1,25 @@
+suite: Controller > Service > Internal
+templates:
+  - controller-service-internal.yaml
+
+tests:
+  - it: should not create an internal Service if `controller.service.internal.enabled` is false
+    set:
+      controller.service.internal.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create an internal Service if `controller.service.internal.enabled` is true and `controller.service.internal.annotations` are set
+    set:
+      controller.service.internal.enabled: true
+      controller.service.internal.annotations:
+        test.annotation: "true"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Service
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller-internal
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-service-metrics_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-service-metrics_test.yaml
@@ -0,0 +1,23 @@
+suite: Controller > Service > Metrics
+templates:
+  - controller-service-metrics.yaml
+
+tests:
+  - it: should not create a metrics Service if `controller.metrics.enabled` is false
+    set:
+      controller.metrics.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create a metrics Service if `controller.metrics.enabled` is true
+    set:
+      controller.metrics.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Service
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller-metrics
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-service_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/controller-service_test.yaml
@@ -0,0 +1,32 @@
+suite: Controller > Service
+templates:
+  - controller-service.yaml
+
+tests:
+  - it: should not create a Service if `controller.service.external.enabled` is false
+    set:
+      controller.service.external.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create a Service if `controller.service.external.enabled` is true
+    set:
+      controller.service.external.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Service
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-controller
+
+  - it: should create a Service of type "NodePort" if `controller.service.external.enabled` is true and `controller.service.type` is "NodePort"
+    set:
+      controller.service.external.enabled: true
+      controller.service.type: NodePort
+    asserts:
+      - equal:
+          path: spec.type
+          value: NodePort
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/default-backend-extra-configmaps_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/default-backend-extra-configmaps_test.yaml
@@ -0,0 +1,50 @@
+suite: Default Backend > Extra ConfigMaps
+templates:
+  - default-backend-extra-configmaps.yaml
+
+tests:
+  - it: should not create a ConfigMap if `defaultBackend.extraConfigMaps` is empty
+    set:
+      defaultBackend.enabled: true
+      defaultBackend.extraConfigMaps: []
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create one ConfigMap if `defaultBackend.extraConfigMaps` has one element
+    set:
+      defaultBackend.enabled: true
+      defaultBackend.extraConfigMaps:
+        - name: my-configmap-1
+          data:
+            key1: value1
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: ConfigMap
+      - equal:
+          path: metadata.name
+          value: my-configmap-1
+      - equal:
+          path: data.key1
+          value: value1
+
+  - it: should create two ConfigMaps if `defaultBackend.extraConfigMaps` has two elements
+    set:
+      defaultBackend.enabled: true
+      defaultBackend.extraConfigMaps:
+        - name: my-configmap-1
+          data:
+            key1: value1
+        - name: my-configmap-2
+          data:
+            key2: value2
+    asserts:
+      - hasDocuments:
+          count: 2
+      - isKind:
+          of: ConfigMap
+      - matchRegex:
+          path: metadata.name
+          pattern: my-configmap-(1|2)
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/tests/default-backend-service_test.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/tests/default-backend-service_test.yaml
@@ -0,0 +1,32 @@
+suite: Default Backend > Service
+templates:
+  - default-backend-service.yaml
+
+tests:
+  - it: should not create a Service if `defaultBackend.enabled` is false
+    set:
+      defaultBackend.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create a Service if `defaultBackend.enabled` is true
+    set:
+      defaultBackend.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Service
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-ingress-nginx-defaultbackend
+
+  - it: should create a Service with port 80 if `defaultBackend.service.port` is 80
+    set:
+      defaultBackend.enabled: true
+      defaultBackend.service.port: 80
+    asserts:
+      - equal:
+          path: spec.ports[0].port
+          value: 80