Prevent pega helm charts from failing when global.certificates are no… (

#375) * Prevent pega helm charts from failing when global.certificates are not specified. * Remove offensive whitespace. * Add required whitespace. * Remove sidecar config (and address more whitespace issues).
pegasystems · Jan 11, 2022 · 69d9a02 · 69d9a02
1 parent a559353
commit 69d9a02
Show file tree

Hide file tree

Showing 4 changed files with 180 additions and 2 deletions.
diff --git a/charts/pega/templates/_pega-deployment.tpl b/charts/pega/templates/_pega-deployment.tpl
@@ -59,9 +59,9 @@ spec:
           # Used to specify permissions on files within the volume.
           defaultMode: 420
 {{- include "pegaCredentialVolumeTemplate" .root | indent 6 }}
-
+{{ if .root.Values.global.certificates }}
 {{- include "pegaImportCertificatesTemplate" .root | indent 6 }}
-
+{{ end }}
 {{- if .custom }}
 {{- if .custom.volumes }}
       # Additional custom volumes
@@ -187,8 +187,10 @@ spec:
         - name: {{ template "pegaVolumeCredentials" }}
           mountPath: "/opt/pega/secrets"
         #mount custom certificates
+{{ if .root.Values.global.certificates }}
         - name: {{ template "pegaVolumeImportCertificates" }}
           mountPath: "/opt/pega/certs"
+{{ end }}
 {{- if (semverCompare ">= 1.18.0-0" (trimPrefix "v" .root.Capabilities.KubeVersion.GitVersion)) }}
         # LivenessProbe: indicates whether the container is live, i.e. running.
         {{- $livenessProbe := .node.livenessProbe }}

diff --git a/terratest/src/test/pega/data/values_with_customcerts.yaml b/terratest/src/test/pega/data/values_with_customcerts.yaml
@@ -0,0 +1,45 @@
+---
+global:
+  certificates:
+    testcert.cer: |
+      ----THIS IS MY CERT----
+  tier:
+    - name: "web"
+      nodeType: "WebUser"
+      requestor:
+        passivationTimeSec: 900
+      replicas: 1
+      deploymentStrategy:
+        rollingUpdate:
+          maxSurge: 1
+          maxUnavailable: 0
+        type: RollingUpdate
+      livenessProbe:
+        port: 8081
+      # Values for test - web
+      custom:
+    - name: "batch"
+      nodeType: "BackgroundProcessing,Search,Batch,RealTime,Custom1,Custom2,Custom3,Custom4,Custom5,BIX"
+      replicas: 1
+      deploymentStrategy:
+        rollingUpdate:
+          maxSurge: 1
+          maxUnavailable: 0
+        type: RollingUpdate
+      livenessProbe:
+        port: 8081
+      # Values for test - batch
+      custom:
+    - name: "stream"
+      nodeType: "Stream"
+      requestor:
+        passivationTimeSec: 900
+      replicas: 1
+      volumeClaimTemplate:
+        resources:
+          requests:
+            storage: 5Gi
+      livenessProbe:
+        port: 8081
+      # Values for test - stream
+      custom:
diff --git a/terratest/src/test/pega/data/values_without_customcerts.yaml b/terratest/src/test/pega/data/values_without_customcerts.yaml
@@ -0,0 +1,43 @@
+---
+global:
+  certificates:
+  tier:
+    - name: "web"
+      nodeType: "WebUser"
+      requestor:
+        passivationTimeSec: 900
+      replicas: 1
+      deploymentStrategy:
+        rollingUpdate:
+          maxSurge: 1
+          maxUnavailable: 0
+        type: RollingUpdate
+      livenessProbe:
+        port: 8081
+      # Values for test - web
+      custom:
+    - name: "batch"
+      nodeType: "BackgroundProcessing,Search,Batch,RealTime,Custom1,Custom2,Custom3,Custom4,Custom5,BIX"
+      replicas: 1
+      deploymentStrategy:
+        rollingUpdate:
+          maxSurge: 1
+          maxUnavailable: 0
+        type: RollingUpdate
+      livenessProbe:
+        port: 8081
+      # Values for test - batch
+      custom:
+    - name: "stream"
+      nodeType: "Stream"
+      requestor:
+        passivationTimeSec: 900
+      replicas: 1
+      volumeClaimTemplate:
+        resources:
+          requests:
+            storage: 5Gi
+      livenessProbe:
+        port: 8081
+      # Values for test - stream
+      custom:
diff --git a/terratest/src/test/pega/pega-tier-deployment-with-and-without-customcert_test.go b/terratest/src/test/pega/pega-tier-deployment-with-and-without-customcert_test.go
@@ -0,0 +1,88 @@
+package pega
+
+import (
+	"path/filepath"
+	"strings"
+	"testing"
+	"github.com/gruntwork-io/terratest/modules/helm"
+	"github.com/stretchr/testify/require"
+	appsv1 "k8s.io/api/apps/v1"
+)
+
+func TestPegaDeploymentWithAndWithoutCustomCerts(t *testing.T) {
+
+	var supportedVendors = []string{"k8s"}
+	var supportedOperations = []string{"deploy", "install-deploy", "upgrade-deploy"}
+
+	helmChartPath, err := filepath.Abs(PegaHelmChartPath)
+	require.NoError(t, err)
+
+	for _, vendor := range supportedVendors {
+		for _, operation := range supportedOperations {
+
+            var options = &helm.Options{
+                ValuesFiles: []string{"data/values_with_customcerts.yaml"},
+                SetValues: map[string]string{
+                    "global.deployment.name":        "pega",
+                    "global.provider":               vendor,
+                    "global.actions.execute":        operation,
+                    "installer.upgrade.upgradeType": "zero-downtime",
+                },
+            }
+            deploymentYaml := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-tier-deployment.yaml"})
+            yamlSplit := strings.Split(deploymentYaml, "---")
+            assertWeb(t, yamlSplit[1], options)
+            assertVolumeAndMount(t, yamlSplit[1], options, true)
+
+            assertBatch(t, yamlSplit[2], options)
+            assertVolumeAndMount(t, yamlSplit[2], options, true)
+
+            assertStream(t, yamlSplit[3], options)
+            assertVolumeAndMount(t, yamlSplit[3], options, true)
+
+            options.ValuesFiles = []string{"data/values_without_customcerts.yaml"}
+
+            deploymentYaml = RenderTemplate(t, options, helmChartPath, []string{"templates/pega-tier-deployment.yaml"})
+            yamlSplit = strings.Split(deploymentYaml, "---")
+            assertWeb(t, yamlSplit[1], options)
+            assertVolumeAndMount(t, yamlSplit[1], options, false)
+
+            assertBatch(t, yamlSplit[2], options)
+            assertVolumeAndMount(t, yamlSplit[2], options, false)
+
+            assertStream(t, yamlSplit[3], options)
+            assertVolumeAndMount(t, yamlSplit[3], options, false)
+        }
+	}
+}
+
+func assertVolumeAndMount(t *testing.T, tierYaml string, options *helm.Options, shouldHaveVol bool) {
+	var deploymentObj appsv1.Deployment
+	UnmarshalK8SYaml(t, tierYaml, &deploymentObj)
+	pod := deploymentObj.Spec.Template.Spec
+
+    var foundVol = false
+	for _, vol := range pod.Volumes {
+	    if vol.Name == "pega-volume-import-certificates" {
+	        foundVol = true
+	        break
+	    }
+	}
+	require.Equal(t, shouldHaveVol, foundVol)
+
+    var foundVolMount = false
+	for _, container := range pod.Containers {
+	    if container.Name == "pega-web-tomcat" {
+	        for _, volMount := range container.VolumeMounts {
+                if volMount.Name == "pega-volume-import-certificates" {
+                    require.Equal(t, "/opt/pega/certs", volMount.MountPath)
+                    foundVolMount = true
+                    break
+                }
+	        }
+	        break
+	    }
+	}
+	require.Equal(t, shouldHaveVol, foundVolMount)
+
+}