Merge pull request #23 from spiffe/test-non-defaulted-values

Test charts without defaulted values

.github/tests/no-spire-controller-manager/values.yaml

@@ -0,0 +1,3 @@
+spire-server:
+  controllerManager:
+    enabled: false

.github/tests/spire-oidc-insecure/values.yaml

@@ -0,0 +1,12 @@
+spiffe-oidc-discovery-provider:
+  enabled: true
+
+  insecureScheme:
+    enabled: true
+
+  config:
+    domains:
+      - oidc-discovery.example.org
+
+    acme:
+      tosAccepted: false

.github/tests/upstream-authority-disk/create-cert.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+BASEDIR=$(dirname "$0")
+
+openssl req -new -x509 -days 365 -nodes -sha256 \
+  -subj "/C=NL/O=SPIFFE/OU=SPIRE/CN=example.org" \
+  -out "${BASEDIR}/example-org.pem" \
+  -keyout "${BASEDIR}/example-org.key"

.github/tests/upstream-authority-disk/example-org.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC41hcad074AFQl
+QiM9j54tuh1yCpRfO2pFPOwESqT/gYrnAMfl24nI28FaC/gZWmhD5VZrThY8QlLe
+sk7iyDmrvB6VMMs5di40C5XE11FLf+efS1CpD9atqLyBQ1tjB0yZzIPZFP97HRI4
+DQb7BXqgOmDEnJ5gk6IleBsomQlDwyu9TXgUd8c4SEFgrxHMjfybZN3dKzw4jCB3
+SrEqouaSq7eelCe0q58y4Lq8fkD+Zc2GrRJ0K5y3eMoRzp5ByK8QYPm8AJgFVTS9
+kCs+HROqC+Y7WqracUiEHCDWY1HG5IbdC9GSNdPDu2GHUxFWtKhhPw+I7iuu3jF5
+LRikLtDpAgMBAAECggEAQNS+98Z/SVd8LDFdgPs95RYRu+1gC2MgrDZpJjw0UXZT
+jSDl/Iabdns1/2qRU/s09ROc0zhpbitpO7lZGAxYxhbOt0+NCJOeMx0ZJBjN5+hu
+Cp51JUdr6i90JvbEOCDYSl3EpUDLN5iDymsvVp6eW1L+nBe/KWq/Bdtx0zSSXlSe
+sdlQenZ6JcsLBqOwSzSkvG4DBH097pYhePzLOLyZ+watyaD5QoKUg1n2jtqCEBxG
+2QV2D0UJVgkJrsytc9LRqIBVqKvwD3GkRtQcIlg4Cf3oWmFrwkVE0wYikLtnzfGt
+GJ1dee1enHkexjwjD4RUd2Es1XDPmQNNZ9a2LrfynQKBgQDou2+8SdB60eyt2KwH
+58Jeh+L/2nTt0VkiczsTp1RgXg+ZKWNuudmTlPR40Yg52uhDKec7Yb9XXfyuTXvL
+v3lXYmsjFutj12u3pAEFWj63O7NpJ9R9vnyjwa1lwMQ3Ps9gp2pJmHtMy0alLMqt
+H+yEYlbS0DexIclVOQMkcNkzpwKBgQDLUM2ddShG+SYZiC6eDtZU6DXjMdncdDp8
+koTh+cJLL1tqqbmVRSBkWuhqlH6nenbnSLCZ+pbZ22bXJ8Jl/LXwmCpyUzt71wbQ
+li+eGEvgGSZ4PV4JsqV7j70VD0BpxtJUFBT+6Zq2+Lns7ZgisHfvHyydRSai4+pp
+4tCDvK6o7wKBgET/vSLPp5WiQ09PW8GEPqYUF4LPW7deR9Tk4PD0vRlNCcbY9HfR
+deZBVTG0vXSZqB6xf7KlSjs2zEFJC5jejbUQor7mfqc9KNxrLTpPBSUB+DEG9ALL
+xNwwAZ6XRhUy8/yt5d8n6/ZalflGjFhDjLW7Cg66WKiVYcF4g6v8IQklAoGBAKGS
+MCRuQzjLrGRj3bAL2HYXJyPKrPhNgWEXyvQN2EKJettzz6B5E7nMqKByK4iKgM1h
+7b4f7xtoCPz4grsrraZqNmkuDbpncen3QBYh9sI7GmA5XG7Wgj2ER93hhe3Ja8IX
+R2wgVqwLUy2ezuTaWiU0H+9HUeHmv5WwAsZ9/ksPAoGBALmfyzS8J1jfkjMLhwvQ
+vaS7UzPEufeJb/vg2WMd31TRc6fMcGZKwCvjE3z2xLewU+DwSynqjdRZn4mOt+sm
+5LOMBdOTK6nEoVbGdCktYM8BpgxFSBaQ7oJDVRaHOOs7cauCOz7NCCd/e6q//S6L
+wS6zVciWfFotxYTyTyj0WiiT
+-----END PRIVATE KEY-----

.github/tests/upstream-authority-disk/example-org.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAewCCQCK4mz8rTwvHDANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJO
+TDEPMA0GA1UECgwGU1BJRkZFMQ4wDAYDVQQLDAVTUElSRTEUMBIGA1UEAwwLZXhh
+bXBsZS5vcmcwHhcNMjMwMjIwMTAwNTA5WhcNMjQwMjIwMTAwNTA5WjBEMQswCQYD
+VQQGEwJOTDEPMA0GA1UECgwGU1BJRkZFMQ4wDAYDVQQLDAVTUElSRTEUMBIGA1UE
+AwwLZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4
+1hcad074AFQlQiM9j54tuh1yCpRfO2pFPOwESqT/gYrnAMfl24nI28FaC/gZWmhD
+5VZrThY8QlLesk7iyDmrvB6VMMs5di40C5XE11FLf+efS1CpD9atqLyBQ1tjB0yZ
+zIPZFP97HRI4DQb7BXqgOmDEnJ5gk6IleBsomQlDwyu9TXgUd8c4SEFgrxHMjfyb
+ZN3dKzw4jCB3SrEqouaSq7eelCe0q58y4Lq8fkD+Zc2GrRJ0K5y3eMoRzp5ByK8Q
+YPm8AJgFVTS9kCs+HROqC+Y7WqracUiEHCDWY1HG5IbdC9GSNdPDu2GHUxFWtKhh
+Pw+I7iuu3jF5LRikLtDpAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACK0PQa7+2za
+GOacBqbmeycEJmiSZYEi1sMbgjFjmROcW+wyzWZDvMlDSS2z22B6Cp7qS5ZY3T7H
+ZMVbpRkkNMF9h+51cTFoUlppgFEEqIXRkE+Jejs5Fq2FvgSdx/2LJZkTzt4Rlo07
+UiP4nlHhsEVPRNPuus/MfoA2RZYfGJt+4eLXqjS6TAcccfGqVcMmq/FjjZjzWY5w
+gYXC5ID4NB54N7ag0iBltcZ+OnYWlhReTOxih9yZXq8lRzE2Ny5aA2ztM9YfDuYu
+ATU9T+cfd9UTu8PPNPLuXLgVr1P+1JOApzq1EA0fjDq4L6FzMqgoumWFV3kXHwop
+m27t/52Pu8U=
+-----END CERTIFICATE-----

.github/tests/upstream-authority-disk/values.yaml

@@ -0,0 +1,58 @@
+server:
+  config:
+    upstreamAuthority:
+      disk:
+        enabled: true
+        secret:
+          data:
+            # This cert is generated using create-cert.sh and should only be used for the test
+            certificate: |
+              -----BEGIN CERTIFICATE-----
+              MIIDBDCCAewCCQCK4mz8rTwvHDANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJO
+              TDEPMA0GA1UECgwGU1BJRkZFMQ4wDAYDVQQLDAVTUElSRTEUMBIGA1UEAwwLZXhh
+              bXBsZS5vcmcwHhcNMjMwMjIwMTAwNTA5WhcNMjQwMjIwMTAwNTA5WjBEMQswCQYD
+              VQQGEwJOTDEPMA0GA1UECgwGU1BJRkZFMQ4wDAYDVQQLDAVTUElSRTEUMBIGA1UE
+              AwwLZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4
+              1hcad074AFQlQiM9j54tuh1yCpRfO2pFPOwESqT/gYrnAMfl24nI28FaC/gZWmhD
+              5VZrThY8QlLesk7iyDmrvB6VMMs5di40C5XE11FLf+efS1CpD9atqLyBQ1tjB0yZ
+              zIPZFP97HRI4DQb7BXqgOmDEnJ5gk6IleBsomQlDwyu9TXgUd8c4SEFgrxHMjfyb
+              ZN3dKzw4jCB3SrEqouaSq7eelCe0q58y4Lq8fkD+Zc2GrRJ0K5y3eMoRzp5ByK8Q
+              YPm8AJgFVTS9kCs+HROqC+Y7WqracUiEHCDWY1HG5IbdC9GSNdPDu2GHUxFWtKhh
+              Pw+I7iuu3jF5LRikLtDpAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACK0PQa7+2za
+              GOacBqbmeycEJmiSZYEi1sMbgjFjmROcW+wyzWZDvMlDSS2z22B6Cp7qS5ZY3T7H
+              ZMVbpRkkNMF9h+51cTFoUlppgFEEqIXRkE+Jejs5Fq2FvgSdx/2LJZkTzt4Rlo07
+              UiP4nlHhsEVPRNPuus/MfoA2RZYfGJt+4eLXqjS6TAcccfGqVcMmq/FjjZjzWY5w
+              gYXC5ID4NB54N7ag0iBltcZ+OnYWlhReTOxih9yZXq8lRzE2Ny5aA2ztM9YfDuYu
+              ATU9T+cfd9UTu8PPNPLuXLgVr1P+1JOApzq1EA0fjDq4L6FzMqgoumWFV3kXHwop
+              m27t/52Pu8U=
+              -----END CERTIFICATE-----
+            # This key is generated using create-cert.sh and should only be used for the test
+            key: |
+              -----BEGIN PRIVATE KEY-----
+              MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC41hcad074AFQl
+              QiM9j54tuh1yCpRfO2pFPOwESqT/gYrnAMfl24nI28FaC/gZWmhD5VZrThY8QlLe
+              sk7iyDmrvB6VMMs5di40C5XE11FLf+efS1CpD9atqLyBQ1tjB0yZzIPZFP97HRI4
+              DQb7BXqgOmDEnJ5gk6IleBsomQlDwyu9TXgUd8c4SEFgrxHMjfybZN3dKzw4jCB3
+              SrEqouaSq7eelCe0q58y4Lq8fkD+Zc2GrRJ0K5y3eMoRzp5ByK8QYPm8AJgFVTS9
+              kCs+HROqC+Y7WqracUiEHCDWY1HG5IbdC9GSNdPDu2GHUxFWtKhhPw+I7iuu3jF5
+              LRikLtDpAgMBAAECggEAQNS+98Z/SVd8LDFdgPs95RYRu+1gC2MgrDZpJjw0UXZT
+              jSDl/Iabdns1/2qRU/s09ROc0zhpbitpO7lZGAxYxhbOt0+NCJOeMx0ZJBjN5+hu
+              Cp51JUdr6i90JvbEOCDYSl3EpUDLN5iDymsvVp6eW1L+nBe/KWq/Bdtx0zSSXlSe
+              sdlQenZ6JcsLBqOwSzSkvG4DBH097pYhePzLOLyZ+watyaD5QoKUg1n2jtqCEBxG
+              2QV2D0UJVgkJrsytc9LRqIBVqKvwD3GkRtQcIlg4Cf3oWmFrwkVE0wYikLtnzfGt
+              GJ1dee1enHkexjwjD4RUd2Es1XDPmQNNZ9a2LrfynQKBgQDou2+8SdB60eyt2KwH
+              58Jeh+L/2nTt0VkiczsTp1RgXg+ZKWNuudmTlPR40Yg52uhDKec7Yb9XXfyuTXvL
+              v3lXYmsjFutj12u3pAEFWj63O7NpJ9R9vnyjwa1lwMQ3Ps9gp2pJmHtMy0alLMqt
+              H+yEYlbS0DexIclVOQMkcNkzpwKBgQDLUM2ddShG+SYZiC6eDtZU6DXjMdncdDp8
+              koTh+cJLL1tqqbmVRSBkWuhqlH6nenbnSLCZ+pbZ22bXJ8Jl/LXwmCpyUzt71wbQ
+              li+eGEvgGSZ4PV4JsqV7j70VD0BpxtJUFBT+6Zq2+Lns7ZgisHfvHyydRSai4+pp
+              4tCDvK6o7wKBgET/vSLPp5WiQ09PW8GEPqYUF4LPW7deR9Tk4PD0vRlNCcbY9HfR
+              deZBVTG0vXSZqB6xf7KlSjs2zEFJC5jejbUQor7mfqc9KNxrLTpPBSUB+DEG9ALL
+              xNwwAZ6XRhUy8/yt5d8n6/ZalflGjFhDjLW7Cg66WKiVYcF4g6v8IQklAoGBAKGS
+              MCRuQzjLrGRj3bAL2HYXJyPKrPhNgWEXyvQN2EKJettzz6B5E7nMqKByK4iKgM1h
+              7b4f7xtoCPz4grsrraZqNmkuDbpncen3QBYh9sI7GmA5XG7Wgj2ER93hhe3Ja8IX
+              R2wgVqwLUy2ezuTaWiU0H+9HUeHmv5WwAsZ9/ksPAoGBALmfyzS8J1jfkjMLhwvQ
+              vaS7UzPEufeJb/vg2WMd31TRc6fMcGZKwCvjE3z2xLewU+DwSynqjdRZn4mOt+sm
+              5LOMBdOTK6nEoVbGdCktYM8BpgxFSBaQ7oJDVRaHOOs7cauCOz7NCCd/e6q//S6L
+              wS6zVciWfFotxYTyTyj0WiiT
+              -----END PRIVATE KEY-----

.github/workflows/helm-chart-ci.yaml

@@ -7,15 +7,16 @@ on:
       - 'charts/**'
       - '.github/workflows/helm-chart-ci.yaml'
       - '.github/kind/conf/kind-config.yaml'
+      - '.github/tests/**/*.yaml'
       - 'helm-docs.sh'
 
 concurrency:
   group: ${{ github.ref }}
   cancel-in-progress: true
 
 env:
-  HELM_VERSION: v3.10.2
-  PYTHON_VERSION: 3.11.1
+  HELM_VERSION: v3.11.1
+  PYTHON_VERSION: 3.11.2
   CHART_TESTING_VERSION: v3.7.1
 
 jobs:
@@ -69,10 +70,34 @@ jobs:
     outputs:
       changed: ${{ steps.list-changed.outputs.changed }}
 
+  build-matrix:
+    name: Build matrix
+    runs-on: ubuntu-22.04
+
+    needs: [lint-chart]
+
+    if: needs.lint-chart.outputs.changed == 'true'
+
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+
+      - id: set-matrix
+        name: Collect all tests
+        run: |
+          tests="$(echo -e "default\n$(find .github/tests -maxdepth 1 -type d | grep -Ev 'tests$' | xargs -I % basename % | sort | uniq)")"
+          tests_json="$(echo "$tests" | jq -c --slurp --raw-input 'split("\n") | map(select(. != ""))')"
+          echo "tests=$tests_json" >> $GITHUB_OUTPUT
+
+    outputs:
+      tests: ${{ steps.set-matrix.outputs.tests }}
+
   test:
     runs-on: ubuntu-22.04
+
     needs:
       - lint-chart
+      - build-matrix
 
     if: needs.lint-chart.outputs.changed == 'true'
 
@@ -89,6 +114,8 @@ jobs:
           - v1.23.13
           - v1.22.15
           - v1.21.14
+        values:
+          - ${{ fromJson(needs.build-matrix.outputs.tests) }}
 
     steps:
       - name: Checkout
@@ -124,4 +151,7 @@ jobs:
         run: |
           ct install --debug \
             --target-branch main \
-            --exclude-deprecated
+            --exclude-deprecated \
+            ${{ (matrix.values != 'default' && '--helm-extra-set-args "--values=.github/tests/$VALUES/values.yaml"') || '' }}
+        env:
+          VALUES: ${{ matrix.values }}

charts/spire/Chart.yaml

@@ -3,8 +3,8 @@ name: spire
 description: >
   A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.
 type: application
-version: 0.1.0
-appVersion: "1.5.4"
+version: 0.2.0
+appVersion: "1.5.5"
 keywords: ["spiffe", "spire", "spire-server", "spire-agent", "oidc", "spire-controller-manager"]
 home: https://github.com/philips-labs/helm-charts/tree/main/charts/spire
 sources:

charts/spire/README.md

@@ -2,7 +2,7 @@
 
 <!-- This README.md is generated. Please edit README.md.gotmpl -->
 
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.5.4](https://img.shields.io/badge/AppVersion-1.5.4-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.5.5](https://img.shields.io/badge/AppVersion-1.5.5-informational?style=flat-square)
 
 A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.
 
@@ -68,6 +68,7 @@ Kubernetes: `>=1.21.0-0`
 | spire-agent.trustDomain | string | `"example.org"` |  |
 | spire-server.bundleConfigMap | string | `"spire-bundle"` |  |
 | spire-server.clusterName | string | `"example-cluster"` |  |
+| spire-server.controllerManager.enabled | bool | `true` |  |
 | spire-server.nameOverride | string | `"server"` |  |
 | spire-server.trustDomain | string | `"example.org"` |  |
 

charts/spire/values.yaml

@@ -9,6 +9,9 @@ spire-server:
   clusterName: &clusterName "example-cluster"
   trustDomain: &trustDomain "example.org"
 
+  controllerManager:
+    enabled: true
+
 spire-agent:
   nameOverride: agent
   bundleConfigMap: *bundleConfigMap