diff --git a/.github/workflows/test-helm-lint.yaml b/.github/workflows/test-helm-lint.yaml deleted file mode 100644 index fd03afee6..000000000 --- a/.github/workflows/test-helm-lint.yaml +++ /dev/null @@ -1,41 +0,0 @@ -name: Lint Helm Charts - -on: - workflow_dispatch: - push: - branches: - - main - - "release/**" - paths: - - "cli/internal/helm/charts/**" - pull_request: - paths: - - "cli/internal/helm/charts/**" - -# Abort runs of *this* workflow, if a new commit with the same ref is pushed. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} - -jobs: - helm-lint: - runs-on: ubuntu-latest - env: - CTEST_OUTPUT_ON_FAILURE: True - steps: - - name: Checkout - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0 - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: Setup Helm - uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 # tag=v3 - with: - version: "v3.9.0" # default is latest (stable) - - - name: Create and populate build folder - run: mkdir build && cd build && cmake .. - - - name: Unit Tests - run: ctest -R helm-lint - working-directory: build diff --git a/.github/workflows/test-unittest.yml b/.github/workflows/test-unittest.yml index 2f37351c3..dbaf5099a 100644 --- a/.github/workflows/test-unittest.yml +++ b/.github/workflows/test-unittest.yml @@ -42,6 +42,8 @@ jobs: - name: Unit Tests run: ctest -R unit working-directory: build + env: + TMPDIR: ${{ runner.temp }} test-darwin: runs-on: macos-12 diff --git a/CMakeLists.txt b/CMakeLists.txt index fdb05bfb1..53c35b812 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -63,9 +63,3 @@ add_test(NAME integration-node-operator COMMAND make test WORKING_DIRECTORY ${CM add_test(NAME integration-csi COMMAND bash -c "go test -tags integration -c ./test/ && sudo ./test.test -test.v" WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/csi) add_test(NAME integration-dm COMMAND bash -c "go test -tags integration -c ./test/ && sudo ./test.test -test.v" WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/disk-mapper/internal) add_test(NAME integration-license COMMAND bash -c "go test -tags integration" WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/internal/license) -add_test(NAME helm-lint COMMAND bash -c "helm lint * --set tags.GCP=true --set kms.image='ghcr.io/edgelesssys/constellation/kms:latest' --set join-service.csp='GCP' \ - --set join-service.enforcedPCRs='[]' --set join-service.image='ghcr.io/edgelesssys/constellation/join-service:latest' --set join-service.measurements='[]' \ - --set join-service.measurementSalt='deadbeef' --set kms.salt='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' --set kms.masterSecret='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' \ - --set ccm.csp='GCP' --set ccm.subnetworkCIDR='192.0.2.0/24' --set ccm.GCP.image='ghcr.io/edgelesssys/cloud-provider-gcp:latest' --set ccm.GCP.projectID='demoproject-581925' \ - --set ccm.GCP.uid='foobar' --set ccm.GCP.secretData='jsonstring'" - WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cli/internal/helm/charts/edgeless/) diff --git a/cli/internal/cmd/init.go b/cli/internal/cmd/init.go index 5d52cfe1c..c48311ff0 100644 --- a/cli/internal/cmd/init.go +++ b/cli/internal/cmd/init.go @@ -59,7 +59,7 @@ func runInitialize(cmd *cobra.Command, args []string) error { newDialer := func(validator *cloudcmd.Validator) *dialer.Dialer { return dialer.New(nil, validator.V(cmd), &net.Dialer{}) } - helmLoader := &helm.ChartLoader{} + spinner := newSpinner(cmd.OutOrStdout()) defer spinner.Stop() 
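Review bot: Removing the injected `helmLoader` in `runInitialize`, together with the `helmLoader` parameter of `initialize` and the `helmLoader` interface in the later init.go hunks, leaves `initialize` with no seam for chart loading. The tests in init_test.go now run the real `helm.New(...).Load(...)`, including its temp-file packaging, and the `loading Helm charts` error branch can no longer be reached from a unit test because `stubHelmLoader.loadErr` is gone. Consider keeping the interface and injecting a constructor instead, e.g. a parameter `newHelmLoader func(cloudprovider.Provider, versions.ValidK8sVersion) helmLoader`, with production passing a thin wrapper around `helm.New` and tests passing a stub. `runInitialize` starts and ends outside this hunk.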
@@ -67,12 +67,12 @@ func runInitialize(cmd *cobra.Command, args []string) error { defer cancel() cmd.SetContext(ctx) - return initialize(cmd, newDialer, fileHandler, helmLoader, license.NewClient(), spinner) + return initialize(cmd, newDialer, fileHandler, license.NewClient(), spinner) } // initialize initializes a Constellation. func initialize(cmd *cobra.Command, newDialer func(validator *cloudcmd.Validator) *dialer.Dialer, - fileHandler file.Handler, helmLoader helmLoader, quotaChecker license.QuotaChecker, spinner spinnerInterf, + fileHandler file.Handler, quotaChecker license.QuotaChecker, spinner spinnerInterf, ) error { flags, err := evalFlagArgs(cmd) if err != nil { @@ -125,8 +125,8 @@ func initialize(cmd *cobra.Command, newDialer func(validator *cloudcmd.Validator if err != nil { return fmt.Errorf("parsing or generating master secret from file %s: %w", flags.masterSecretPath, err) } - - helmDeployments, err := helmLoader.Load(provider, flags.conformance, masterSecret.Key, masterSecret.Salt, getEnforcedPCRs(provider, config), getEnforceIDKeyDigest(provider, config), k8sVersion) + helmLoader := helm.New(provider, k8sVersion) + helmDeployments, err := helmLoader.Load(provider, flags.conformance, masterSecret.Key, masterSecret.Salt, getEnforcedPCRs(provider, config), getEnforceIDKeyDigest(provider, config)) if err != nil { return fmt.Errorf("loading Helm charts: %w", err) } @@ -368,7 +368,3 @@ func getMarshaledServiceAccountURI(provider cloudprovider.Provider, config *conf type grpcDialer interface { Dial(ctx context.Context, target string) (*grpc.ClientConn, error) } - -type helmLoader interface { - Load(csp cloudprovider.Provider, conformanceMode bool, masterSecret []byte, salt []byte, enforcedPCRs []uint32, enforceIDKeyDigest bool, k8sVersion versions.ValidK8sVersion) ([]byte, error) -} diff --git a/cli/internal/cmd/init_test.go b/cli/internal/cmd/init_test.go index 88c304876..118e7a9f5 100644 --- a/cli/internal/cmd/init_test.go 
+++ b/cli/internal/cmd/init_test.go @@ -31,7 +31,6 @@ import ( "github.com/edgelesssys/constellation/v2/internal/grpc/testdialer" "github.com/edgelesssys/constellation/v2/internal/license" "github.com/edgelesssys/constellation/v2/internal/oid" - "github.com/edgelesssys/constellation/v2/internal/versions" "github.com/spf13/afero" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -64,7 +63,6 @@ func TestInitialize(t *testing.T) { idFile *clusterid.File configMutator func(*config.Config) serviceAccKey *gcpshared.ServiceAccountKey - helmLoader stubHelmLoader initServerAPI *stubInitServer masterSecretShouldExist bool wantErr bool @@ -163,7 +161,7 @@ func TestInitialize(t *testing.T) { defer cancel() cmd.SetContext(ctx) - err := initialize(cmd, newDialer, fileHandler, &tc.helmLoader, &stubLicenseClient{}, nopSpinner{}) + err := initialize(cmd, newDialer, fileHandler, &stubLicenseClient{}, nopSpinner{}) if tc.wantErr { assert.Error(err) @@ -405,7 +403,7 @@ func TestAttestation(t *testing.T) { defer cancel() cmd.SetContext(ctx) - err := initialize(cmd, newDialer, fileHandler, &stubHelmLoader{}, &stubLicenseClient{}, nopSpinner{}) + err := initialize(cmd, newDialer, fileHandler, &stubLicenseClient{}, nopSpinner{}) assert.Error(err) // make sure the error is actually a TLS handshake error assert.Contains(err.Error(), "transport: authentication handshake failed") @@ -504,11 +502,3 @@ func (c *stubLicenseClient) QuotaCheck(ctx context.Context, checkRequest license Quota: 25, }, nil } - -type stubHelmLoader struct { - loadErr error -} - -func (d *stubHelmLoader) Load(csp cloudprovider.Provider, conformanceMode bool, masterSecret []byte, salt []byte, enforcedPCRs []uint32, enforceIDKeyDigest bool, k8sVersion versions.ValidK8sVersion) ([]byte, error) { - return nil, d.loadErr -} diff --git a/cli/internal/cmd/miniup.go b/cli/internal/cmd/miniup.go index 9fbe54326..7feb149d0 100644 --- a/cli/internal/cmd/miniup.go +++ b/cli/internal/cmd/miniup.go 
@@ -19,7 +19,6 @@ import ( "strings" "github.com/edgelesssys/constellation/v2/cli/internal/cloudcmd" - "github.com/edgelesssys/constellation/v2/cli/internal/helm" "github.com/edgelesssys/constellation/v2/cli/internal/libvirt" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/config" @@ -236,13 +235,12 @@ func initializeMiniCluster(cmd *cobra.Command, fileHandler file.Handler, spinner newDialer := func(validator *cloudcmd.Validator) *dialer.Dialer { return dialer.New(nil, validator.V(cmd), &net.Dialer{}) } - helmLoader := &helm.ChartLoader{} cmd.Flags().String("master-secret", "", "") cmd.Flags().String("endpoint", "", "") cmd.Flags().Bool("conformance", false, "") - if err := initialize(cmd, newDialer, fileHandler, helmLoader, license.NewClient(), spinner); err != nil { + if err := initialize(cmd, newDialer, fileHandler, license.NewClient(), spinner); err != nil { return err } return nil diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/aws-daemonset.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/aws-daemonset.yaml index 515eec82e..a5aed5b55 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/aws-daemonset.yaml +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/aws-daemonset.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.csp "AWS" }} +{{- if eq .Values.csp "AWS" -}} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -60,4 +60,4 @@ spec: hostPath: path: /etc/pki updateStrategy: {} -{{ end }} +{{- end -}} diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml index ba5ffcb74..2b6bd474f 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml 
+++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.csp "Azure" }} +{{- if eq .Values.csp "Azure" -}} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -70,4 +70,4 @@ spec: secret: secretName: azureconfig updateStrategy: {} -{{ end }} +{{- end -}} diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-secret.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-secret.yaml index 103db8cc1..3008afec8 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-secret.yaml +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/azure-secret.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.csp "Azure" }} +{{- if eq .Values.csp "Azure" -}} apiVersion: v1 kind: Secret metadata: @@ -6,4 +6,4 @@ metadata: namespace: {{ .Release.Namespace }} data: azure.json: {{ .Values.Azure.azureConfig | b64enc }} -{{ end }} +{{- end -}} diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-cm.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-cm.yaml index 1c460da69..b3c01db83 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-cm.yaml +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-cm.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.csp "GCP" }} +{{- if eq .Values.csp "GCP" -}} apiVersion: v1 kind: ConfigMap metadata: @@ -6,4 +6,4 @@ metadata: namespace: {{ .Release.Namespace }} data: gce.conf: "[global]\nproject-id = {{.Values.GCP.projectID }}\nuse-metadata-server = true\nnode-tags = constellation-{{ .Values.GCP.uid }}\n" -{{ end }} +{{- end -}} 
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml index 325169a0d..85909502b 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.csp "GCP" }} +{{- if eq .Values.csp "GCP" -}} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -81,4 +81,4 @@ spec: secret: secretName: gcekey updateStrategy: {} -{{ end }} +{{- end -}} diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-secret.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-secret.yaml index 4e082d8fa..534f9be4f 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-secret.yaml +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/ccm/templates/gcp-secret.yaml @@ -1,4 +1,4 @@ -{{ if eq .Values.csp "GCP" }} +{{- if eq .Values.csp "GCP" -}} apiVersion: v1 kind: Secret metadata: @@ -6,4 +6,4 @@ metadata: namespace: {{ .Release.Namespace }} data: key.json: {{ .Values.GCP.secretData | b64enc }} -{{ end }} +{{- end -}} diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/templates/configmap.yaml b/cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/templates/configmap.yaml index 9ac450f4c..5ff6db384 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/templates/configmap.yaml +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/templates/configmap.yaml 
@@ -10,7 +10,7 @@ data: {{- if eq .Values.csp "Azure" }} # ConfigMap.data is of type map[string]string. quote will not quote a quoted string. enforceIdKeyDigest: {{ .Values.enforceIdKeyDigest | quote }} - idkeydigest: {{ .Values.idkeydigest }} + idkeydigest: {{ .Values.idkeydigest | quote }} {{- end }} binaryData: measurementSalt: {{ .Values.measurementSalt }} diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/values.schema.json b/cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/values.schema.json index 0337d858b..81c5baab7 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/values.schema.json +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/join-service/values.schema.json @@ -27,8 +27,7 @@ "image": { "description": "Container image to use for the spawned pods.", "type": "string", - "examples": ["ghcr.io/edgelesssys/constellation/join-service:latest"], - "pattern": "ghcr.io/edgelesssys/constellation/join-service:.+" + "examples": ["ghcr.io/edgelesssys/constellation/join-service:latest"] }, "measurementSalt": { "description": "Salt used to generate node measurements", diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/kms/values.schema.json b/cli/internal/helm/charts/edgeless/constellation-services/charts/kms/values.schema.json index 59d1fc422..3c8b9b46f 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/kms/values.schema.json +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/kms/values.schema.json 
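Review bot: Deleting the `pattern` on `image` in the join-service schema (and on the kms `image` in the next file) removes the only schema-level constraint on which registry and repository these pods are pulled from, so any string now validates. The old expressions were weak anyway: both were unanchored, and the kms one ended in `:*`, which matches zero or more colons rather than a tag. If the goal is only to let the new template test pass placeholder names, consider keeping an anchored pattern such as `"pattern": "^ghcr\\.io/edgelesssys/constellation/join-service[:@].+$"` and using realistic image references in the test. If arbitrary registries are meant to be allowed, state that in the `description` so the missing constraint reads as a decision.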
@@ -4,8 +4,7 @@ "image": { "description": "Container image to use for the spawned pods.", "type": "string", - "examples": ["ghcr.io/edgelesssys/constellation/kms:latest"], - "pattern": "ghcr.io/edgelesssys/constellation/kms:*" + "examples": ["ghcr.io/edgelesssys/constellation/kms:latest"] }, "masterSecret": { "description": "Secret used to derive key material within the cluster", diff --git a/cli/internal/helm/loader.go b/cli/internal/helm/loader.go index 9806898d4..9f63e1dec 100644 --- a/cli/internal/helm/loader.go +++ b/cli/internal/helm/loader.go 
@@ -34,15 +34,37 @@ import ( //go:embed all:charts/* var HelmFS embed.FS -type ChartLoader struct{} +type ChartLoader struct { + joinServiceImage string + kmsImage string + ccmImage string +} -func (i *ChartLoader) Load(csp cloudprovider.Provider, conformanceMode bool, masterSecret []byte, salt []byte, enforcedPCRs []uint32, enforceIDKeyDigest bool, k8sVersion versions.ValidK8sVersion) ([]byte, error) { +func New(csp cloudprovider.Provider, k8sVersion versions.ValidK8sVersion) *ChartLoader { + var ccmImage string + switch csp { + case cloudprovider.AWS: + ccmImage = versions.VersionConfigs[k8sVersion].CloudControllerManagerImageAWS + case cloudprovider.Azure: + ccmImage = versions.VersionConfigs[k8sVersion].CloudControllerManagerImageAzure + case cloudprovider.GCP: + ccmImage = versions.VersionConfigs[k8sVersion].CloudControllerManagerImageGCP + } + + return &ChartLoader{ + joinServiceImage: versions.JoinImage, + kmsImage: versions.KmsImage, + ccmImage: ccmImage, + } +} + +func (i *ChartLoader) Load(csp cloudprovider.Provider, conformanceMode bool, masterSecret []byte, salt []byte, enforcedPCRs []uint32, enforceIDKeyDigest bool) ([]byte, error) { ciliumRelease, err := i.loadCilium(csp, conformanceMode) if err != nil { return nil, err } - conServicesRelease, err := i.loadConstellationServices(csp, masterSecret, salt, enforcedPCRs, enforceIDKeyDigest, k8sVersion) + conServicesRelease, err := i.loadConstellationServices(csp, masterSecret, salt, enforcedPCRs, enforceIDKeyDigest) if err != nil { return nil, err } 
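Review bot: `New` fixes `ccmImage` for the provider it is given, but `Load` still takes its own `csp`, so a caller can build the loader for one provider and load for another; the Azure, GCP and AWS branches of `loadConstellationServices` would then write that single `i.ccmImage` under a key it was not chosen for. The `switch` also has no `default`, and a `k8sVersion` absent from `versions.VersionConfigs` (presumably a map) yields the zero value, so `ccmImage` can silently end up as the empty string. Suggest storing the provider on the struct (`csp cloudprovider.Provider`) and dropping the parameter from `Load`, or at least rejecting a mismatch at the top of `Load`. The exported `ChartLoader` and `New` also lack doc comments, e.g. `// New returns a ChartLoader holding the image references for csp and k8sVersion.`. `Load` continues outside this hunk.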
@@ -93,7 +115,7 @@ func (i *ChartLoader) loadCilium(csp cloudprovider.Provider, conformanceMode boo // loadConstellationServices loads the constellation-services chart from the embed.FS, marshals it into a helm-package .tgz and sets the values that can be set in the CLI. func (i *ChartLoader) loadConstellationServices(csp cloudprovider.Provider, masterSecret []byte, salt []byte, enforcedPCRs []uint32, - enforceIDKeyDigest bool, k8sVersion versions.ValidK8sVersion, + enforceIDKeyDigest bool, ) (helm.Release, error) { chart, err := loadChartsDir(HelmFS, "charts/edgeless/constellation-services") if err != nil { @@ -119,7 +141,7 @@ func (i *ChartLoader) loadConstellationServices(csp cloudprovider.Provider, "internalCMName": constants.InternalConfigMap, }, "kms": map[string]any{ - "image": versions.KmsImage, + "image": i.kmsImage, "masterSecret": base64.StdEncoding.EncodeToString(masterSecret), "salt": base64.StdEncoding.EncodeToString(salt), "namespace": constants.ConstellationNamespace, @@ -131,7 +153,7 @@ func (i *ChartLoader) loadConstellationServices(csp cloudprovider.Provider, "join-service": map[string]any{ "csp": csp, "enforcedPCRs": string(enforcedPCRsJSON), - "image": versions.JoinImage, + "image": i.joinServiceImage, "namespace": constants.ConstellationNamespace, }, "ccm": map[string]interface{}{ @@ -153,7 +175,7 @@ func (i *ChartLoader) loadConstellationServices(csp cloudprovider.Provider, return helm.Release{}, errors.New("invalid ccm values") } ccmVals["Azure"] = map[string]any{ - "image": versions.VersionConfigs[k8sVersion].CloudControllerManagerImageAzure, + "image": i.ccmImage, } vals["tags"] = map[string]any{ @@ -167,7 +189,7 @@ func (i *ChartLoader) loadConstellationServices(csp cloudprovider.Provider, return helm.Release{}, errors.New("invalid ccm values") } ccmVals["GCP"] = map[string]any{ - "image": versions.VersionConfigs[k8sVersion].CloudControllerManagerImageGCP, + "image": i.ccmImage, } vals["tags"] = map[string]any{ 
@@ -186,7 +208,7 @@ func (i *ChartLoader) loadConstellationServices(csp cloudprovider.Provider, return helm.Release{}, errors.New("invalid ccm values") } ccmVals["AWS"] = map[string]any{ - "image": versions.VersionConfigs[k8sVersion].CloudControllerManagerImageAWS, + "image": i.ccmImage, } vals["tags"] = map[string]any{ @@ -200,12 +222,18 @@ func (i *ChartLoader) loadConstellationServices(csp cloudprovider.Provider, // marshalChart takes a Chart object, packages it to a temporary file and returns the content of that file. // We currently need to take this approach of marshaling as dependencies are not marshaled correctly with json.Marshal. // This stems from the fact that chart.Chart does not export the dependencies property. -// See: https://github.com/helm/helm/issues/11454 func (i *ChartLoader) marshalChart(chart *chart.Chart) ([]byte, error) { - path, err := chartutil.Save(chart, os.TempDir()) + // A separate tmpdir path is necessary since during unit testing multiple go routines are accessing the same path, possibly deleting files for other routines. + tmpDirPath, err := os.MkdirTemp("", "*") + defer os.Remove(tmpDirPath) + if err != nil { + return nil, fmt.Errorf("creating tmp dir: %w", err) + } + + path, err := chartutil.Save(chart, tmpDirPath) defer os.Remove(path) if err != nil { - return nil, fmt.Errorf("packaging chart: %w", err) + return nil, fmt.Errorf("chartutil save: %w", err) } chartRaw, err := os.ReadFile(path) if err != nil { diff --git a/cli/internal/helm/loader_test.go b/cli/internal/helm/loader_test.go index 57b55c274..a71ee304e 100644 --- a/cli/internal/helm/loader_test.go +++ b/cli/internal/helm/loader_test.go 
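Review bot: In `marshalChart` both `defer os.Remove(...)` calls are registered before their error checks, so on failure they run against an empty path, and the directory cleanup uses `os.Remove`, which fails unnoticed if anything besides the packaged archive is left in the directory. Move the defer below the `MkdirTemp` check and use `defer os.RemoveAll(tmpDirPath)`, which also makes the separate `defer os.Remove(path)` unnecessary. The hunk also drops the `// See: https://github.com/helm/helm/issues/11454` reference that explained why this workaround exists; it is worth keeping. `marshalChart` continues past the end of the hunk.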
@@ -9,27 +9,167 @@ package helm import ( "bytes" "encoding/json" + "fmt" + "io/fs" + "os" + "path" "testing" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/deploy/helm" - "github.com/edgelesssys/constellation/v2/internal/versions" + "github.com/pkg/errors" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "helm.sh/helm/v3/pkg/chart/loader" + "helm.sh/helm/v3/pkg/chartutil" + "helm.sh/helm/v3/pkg/engine" ) +// TestLoad checks if the serialized format that Load returns correctly preserves the dependencies of the loaded chart. func TestLoad(t *testing.T) { assert := assert.New(t) + require := require.New(t) chartLoader := ChartLoader{} - release, err := chartLoader.Load(cloudprovider.GCP, true, []byte("secret"), []byte("salt"), nil, false, versions.Default) - assert.NoError(err) + release, err := chartLoader.Load(cloudprovider.GCP, true, []byte("secret"), []byte("salt"), nil, false) + require.NoError(err) var helmReleases helm.Releases err = json.Unmarshal(release, &helmReleases) - assert.NoError(err) + require.NoError(err) reader := bytes.NewReader(helmReleases.ConstellationServices.Chart) chart, err := loader.LoadArchive(reader) - assert.NoError(err) + require.NoError(err) assert.NotNil(chart.Dependencies()) } + +// TestTemplate checks if the rendered constellation-services chart produces the expected yaml files. 
+func TestTemplate(t *testing.T) { + testCases := map[string]struct { + csp cloudprovider.Provider + enforceIDKeyDigest bool + valuesModifier func(map[string]any) error + ccmImage string + }{ + "GCP": { + csp: cloudprovider.GCP, + enforceIDKeyDigest: false, + valuesModifier: prepareGCPValues, + ccmImage: "ccmImageForGCP", + }, + "Azure": { + csp: cloudprovider.Azure, + enforceIDKeyDigest: true, + valuesModifier: prepareAzureValues, + ccmImage: "ccmImageForAzure", + }, + "QEMU": { + csp: cloudprovider.QEMU, + enforceIDKeyDigest: false, + valuesModifier: prepareQEMUValues, + }, + } + + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + assert := assert.New(t) + require := require.New(t) + + chartLoader := ChartLoader{joinServiceImage: "joinServiceImage", kmsImage: "kmsImage", ccmImage: tc.ccmImage} + release, err := chartLoader.Load(tc.csp, true, []byte("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), []byte("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), []uint32{1, 11}, tc.enforceIDKeyDigest) + require.NoError(err) + + var helmReleases helm.Releases + err = json.Unmarshal(release, &helmReleases) + require.NoError(err) + reader := bytes.NewReader(helmReleases.ConstellationServices.Chart) + chart, err := loader.LoadArchive(reader) + require.NoError(err) + + options := chartutil.ReleaseOptions{ + Name: "testRelease", + Namespace: "testNamespace", + Revision: 1, + IsInstall: true, + IsUpgrade: false, + } + caps := &chartutil.Capabilities{} + + err = tc.valuesModifier(helmReleases.ConstellationServices.Values) + require.NoError(err) + + valuesToRender, err := chartutil.ToRenderValues(chart, helmReleases.ConstellationServices.Values, options, caps) + require.NoError(err) + result, err := engine.Render(chart, valuesToRender) + require.NoError(err) + for k, v := range result { + currentFile := path.Join("testdata", tc.csp.String(), k) + content, err := os.ReadFile(currentFile) + + // If a file does not exist, we expect the render for that path to be 
empty. + if errors.Is(err, fs.ErrNotExist) { + assert.YAMLEq("", v, fmt.Sprintf("current file: %s", currentFile)) + continue + } + assert.NoError(err) + assert.YAMLEq(string(content), v, fmt.Sprintf("current file: %s", currentFile)) + } + }) + } +} + +func prepareGCPValues(values map[string]any) error { + joinVals, ok := values["join-service"].(map[string]any) + if !ok { + return errors.New("missing 'join-service' key") + } + joinVals["measurements"] = "{'1':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','15':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='}" + joinVals["measurementSalt"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + + ccmVals, ok := values["ccm"].(map[string]any) + if !ok { + return errors.New("missing 'ccm' key") + } + ccmVals["subnetworkCIDR"] = "192.0.2.0/24" + ccmVals["GCP"].(map[string]any)["projectID"] = "42424242424242" + ccmVals["GCP"].(map[string]any)["uid"] = "242424242424" + ccmVals["GCP"].(map[string]any)["secretData"] = "baaaaaad" + + return nil +} + +func prepareAzureValues(values map[string]any) error { + joinVals, ok := values["join-service"].(map[string]any) + if !ok { + return errors.New("missing 'join-service' key") + } + joinVals["idkeydigest"] = "baaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaad" + joinVals["measurements"] = "{'1':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','15':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='}" + joinVals["measurementSalt"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + + ccmVals, ok := values["ccm"].(map[string]any) + if !ok { + return errors.New("missing 'ccm' key") + } + ccmVals["subnetworkCIDR"] = "192.0.2.0/24" + ccmVals["Azure"].(map[string]any)["azureConfig"] = "baaaaaad" + + return nil +} + +func prepareQEMUValues(values map[string]any) error { + joinVals, ok := values["join-service"].(map[string]any) + if !ok { + return errors.New("missing 'join-service' key") + } + joinVals["measurements"] = 
"{'1':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','15':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='}" + joinVals["measurementSalt"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + + ccmVals, ok := values["ccm"].(map[string]any) + if !ok { + return errors.New("missing 'ccm' key") + } + ccmVals["subnetworkCIDR"] = "192.0.2.0/24" + + return nil +} diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-daemonset.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-daemonset.yaml new file mode 100644 index 000000000..44e0b5444 --- /dev/null +++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-daemonset.yaml 
@@ -0,0 +1,72 @@
+
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: cloud-controller-manager
+ namespace: testNamespace
+ labels:
+ k8s-app: cloud-controller-manager
+spec:
+ selector:
+ matchLabels:
+ k8s-app: cloud-controller-manager
+ template:
+ metadata:
+ labels:
+ k8s-app: cloud-controller-manager
+ spec:
+ containers:
+ - name: cloud-controller-manager
+ image: ccmImageForAzure
+ command:
+ - cloud-controller-manager
+ - --cloud-provider=azure
+ - --leader-elect=true
+ - --cluster-cidr=192.0.2.0/24
+ - -v=2
+ - --controllers=*,-cloud-node
+ - --cloud-config=/etc/azure/azure.json
+ - --allocate-node-cidrs=false
+ - --configure-cloud-routes=true
+ resources: {}
+ volumeMounts:
+ - name: etckubernetes
+ mountPath: /etc/kubernetes
+ readOnly: true
+ - name: etcssl
+ mountPath: /etc/ssl
+ readOnly: true
+ - name: etcpki
+ mountPath: /etc/pki
+ readOnly: true
+ - name: azureconfig
+ mountPath: /etc/azure
+ readOnly: true
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ serviceAccountName: cloud-controller-manager
+ tolerations:
+ - effect: NoSchedule
+ key: node.cloudprovider.kubernetes.io/uninitialized
+ value: "true"
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ - effect: NoSchedule
+ key: node.kubernetes.io/not-ready
+ volumes:
+ - name: etckubernetes
+ hostPath:
+ path: /etc/kubernetes
+ - name: etcssl
+ hostPath:
+ path: /etc/ssl
+ - name: etcpki
+ hostPath:
+ path: /etc/pki
+ - name: azureconfig
+ secret:
+ secretName: azureconfig
+ updateStrategy: {}
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-secret.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-secret.yaml
new file mode 100644
index 000000000..8ee103766
--- /dev/null
+++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-secret.yaml
@@ -0,0 +1,9 @@
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: azureconfig
+ namespace: testNamespace
+data:
+ azure.json: YmFhYWFhYWQ=
+
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/clusterrolebinding.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..8624b04ee
--- /dev/null
+++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system:cloud-controller-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: cloud-controller-manager
+ namespace: testNamespace
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/serviceaccount.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/serviceaccount.yaml
new file mode 100644
index 000000000..4b924605f
--- /dev/null
+++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cloud-controller-manager
+ namespace: testNamespace
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/clusterrole.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/clusterrole.yaml
new file mode 100644
index 000000000..89ce654eb
--- /dev/null
+++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/clusterrole.yaml
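Review bot: The new golden clusterrolebinding.yaml for the ccm chart records the `cloud-controller-manager` service account bound to `cluster-admin`, and this fixture now becomes the reference every later template change is compared against. The template itself is not part of this diff, so this may be a known state, but a cloud controller manager normally needs far less than cluster-wide admin. Consider tracking a dedicated `ClusterRole` with only the rules the controller uses, or add a comment in the template such as `# TODO: replace cluster-admin with a scoped ClusterRole` so the golden is not read as the intended end state.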
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ k8s-app: join-service
+ name: join-service
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - create
+ - update
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - create
+ - update
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/clusterrolebinding.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..6e668f86b
--- /dev/null
+++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: join-service
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: join-service
+subjects:
+- kind: ServiceAccount
+ name: join-service
+ namespace: testNamespace
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/configmap.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/configmap.yaml
new file mode 100644
index 000000000..1998e0b4a
--- /dev/null
+++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: join-config
+ namespace: kube-system
+data:
+ enforcedPCRs: "[1,11]"
+ measurements: "{'1':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','15':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='}"
+ enforceIdKeyDigest: "true"
+ idkeydigest: "baaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaad"
+binaryData:
+ measurementSalt: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
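Review bot: The first rule of the join-service `ClusterRole` grants `get`, `list`, `create` and `update` on `secrets` in every namespace, which lets this service read any secret in the cluster, including the `constellation-mastersecret` that the kms chart in this same diff creates. If join-service only handles secrets in one namespace (presumably join tokens, which is not visible here), a namespaced `Role` and `RoleBinding` would remove the cluster-wide read. The second rule (`create`/`update` on `roles` and `rolebindings`) deserves the same scoping. The GCP and QEMU copies of this file are identical.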
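Review bot: In configmap.yaml, `join-config` is rendered with `namespace: kube-system` while every other namespaced object in these fixtures is in `testNamespace`, which suggests the template hard-codes the namespace. The join-service and kms DaemonSets reference `join-config` as a projected `configMap` source, and such a source is resolved in the pod's own namespace, so a release installed anywhere other than kube-system would not find the measurements it is meant to enforce. The `--kms-endpoint=kms.kube-system:9000` argument in the join-service DaemonSet has the same mismatch with the `kms` Service in `testNamespace`. Rendering both from `{{ .Release.Namespace }}` in the chart would keep them consistent; the GCP and QEMU fixtures show the same values.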
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/daemonset.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/daemonset.yaml
new file mode 100644
index 000000000..c5f588d2c
--- /dev/null
+++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/daemonset.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: join-service
+ namespace: testNamespace
+ labels:
+ component: join-service
+ k8s-app: join-service
+ kubernetes.io/cluster-service: "true"
+spec:
+ selector:
+ matchLabels:
+ k8s-app: join-service
+ template:
+ metadata:
+ labels:
+ k8s-app: join-service
+ spec:
+ priorityClassName: system-cluster-critical
+ serviceAccountName: join-service
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Equal
+ value: "true"
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ - effect: NoSchedule
+ operator: Exists
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ containers:
+ - name: join-service
+ image: joinServiceImage
+ args:
+ - --cloud-provider=Azure
+ - --kms-endpoint=kms.kube-system:9000
+ volumeMounts:
+ - mountPath: /var/config
+ name: config
+ readOnly: true
+ - mountPath: /etc/kubernetes
+ name: kubeadm
+ readOnly: true
+ ports:
+ - containerPort: 9090
+ name: tcp
+ resources: {}
+ securityContext:
+ privileged: true
+ volumes:
+ - name: config
+ projected:
+ sources:
+ - configMap:
+ name: join-config
+ - configMap:
+ name: k8s-version
+ - configMap:
+ name: internal-config
+ - name: kubeadm
+ hostPath:
+ path: /etc/kubernetes
+ updateStrategy: {}
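Review bot: `securityContext.privileged: true` gives the join-service container full access to the host, yet the rest of the hunk shows only two read-only mounts and one TCP port, so nothing here explains why it is needed. Judging by its name and the NodePort Service added next in this diff, the process answers requests from machines that are not yet cluster members, which makes it the workload where a host-level privilege matters most. If the privilege exists to reach a host device for attestation (an assumption, the code is not in this diff), mounting that device or granting the specific capability would be narrower; otherwise a comment in the chart stating the reason would help the next reviewer. The GCP and QEMU DaemonSets have the same setting.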
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/service.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/service.yaml
new file mode 100644
index 000000000..32bb4b31b
--- /dev/null
+++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: join-service
+ namespace: testNamespace
+spec:
+ type: NodePort
+ selector:
+ k8s-app: join-service
+ ports:
+ - name: grpc
+ protocol: TCP
+ port: 9090
+ targetPort: 9090
+ nodePort: 30090
+status:
+ loadBalancer: {}
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/serviceaccount.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/serviceaccount.yaml
new file mode 100644
index 000000000..fd9b52173
--- /dev/null
+++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/join-service/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: join-service
+ namespace: testNamespace
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/clusterrole.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/clusterrole.yaml
new file mode 100644
index 000000000..d44b4b1c9
--- /dev/null
+++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/clusterrole.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ k8s-app: kms
+ name: kms
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
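Review bot: The `kms` ClusterRole grants `get` on `secrets` in every namespace with no `resourceNames`, although the kms DaemonSet added in this diff receives `mastersecret` and `salt` through a projected volume, which needs no API permission at all. If the service never reads secrets through the API the rule can be dropped. If it does, a namespaced `Role` restricted with `resourceNames: ["constellation-mastersecret"]` would cover it without exposing other secrets. The GCP and QEMU copies of this file are identical.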
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/clusterrolebinding.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..eba2c78c3 --- /dev/null +++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kms +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kms +subjects: +- kind: ServiceAccount + name: kms + namespace: testNamespace diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/daemonset.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/daemonset.yaml new file mode 100644 index 000000000..a3c593791 --- /dev/null +++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/daemonset.yaml 
@@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + component: kms + k8s-app: kms + kubernetes.io/cluster-service: "true" + name: kms + namespace: testNamespace +spec: + selector: + matchLabels: + k8s-app: kms + template: + metadata: + labels: + k8s-app: kms + spec: + containers: + - name: kms + image: kmsImage + args: + - --port=9000 + volumeMounts: + - mountPath: /var/config + name: config + readOnly: true + resources: {} + nodeSelector: + node-role.kubernetes.io/control-plane: "" + priorityClassName: system-cluster-critical + serviceAccountName: kms + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Equal + value: "true" + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + volumes: + - name: config + projected: + sources: + - configMap: + items: + - key: measurements + path: measurements + name: join-config + - secret: + items: + - key: mastersecret + path: mastersecret + - key: salt + path: salt + name: constellation-mastersecret + updateStrategy: {} diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/mastersecret.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/mastersecret.yaml new file mode 100644 index 000000000..231c4329f --- /dev/null +++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/mastersecret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: constellation-mastersecret + namespace: testNamespace +data: + mastersecret: YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE= + salt: YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE= 
diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/service.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/service.yaml new file mode 100644 index 000000000..d0daaa0c1 --- /dev/null +++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: kms + namespace: testNamespace +spec: + ports: + - name: grpc + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + k8s-app: kms + type: ClusterIP +status: + loadBalancer: {} diff --git a/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/serviceaccount.yaml b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/serviceaccount.yaml new file mode 100644 index 000000000..c5f506fe5 --- /dev/null +++ b/cli/internal/helm/testdata/Azure/constellation-services/charts/kms/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kms + namespace: testNamespace diff --git a/cli/internal/helm/testdata/Azure/constellation-services/templates/.gitkeep b/cli/internal/helm/testdata/Azure/constellation-services/templates/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/clusterrolebinding.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..8624b04ee --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: cloud-controller-manager + namespace: testNamespace 
diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-cm.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-cm.yaml new file mode 100644 index 000000000..65e1c71b9 --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-cm.yaml @@ -0,0 +1,9 @@ + +apiVersion: v1 +kind: ConfigMap +metadata: + name: gceconf + namespace: testNamespace +data: + gce.conf: "[global]\nproject-id = 42424242424242\nuse-metadata-server = true\nnode-tags = constellation-242424242424\n" + diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-daemonset.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-daemonset.yaml new file mode 100644 index 000000000..cb7f52722 --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-daemonset.yaml 
@@ -0,0 +1,83 @@ + +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: cloud-controller-manager + namespace: testNamespace + labels: + k8s-app: cloud-controller-manager +spec: + selector: + matchLabels: + k8s-app: cloud-controller-manager + template: + metadata: + labels: + k8s-app: cloud-controller-manager + spec: + containers: + - name: cloud-controller-manager + image: ccmImageForGCP + command: + - /cloud-controller-manager + - --cloud-provider=gce + - --leader-elect=true + - --cluster-cidr=192.0.2.0/24 + - -v=2 + - --use-service-account-credentials + - --controllers=cloud-node,cloud-node-lifecycle,nodeipam,service,route + - --cloud-config=/etc/gce/gce.conf + - --cidr-allocator-type=CloudAllocator + - --allocate-node-cidrs=true + - --configure-cloud-routes=false + env: + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/secrets/google/key.json + volumeMounts: + - mountPath: /etc/kubernetes + name: etckubernetes + readOnly: true + - mountPath: /etc/ssl + name: etcssl + readOnly: true + - mountPath: /etc/pki + name: etcpki + readOnly: true + - mountPath: /etc/gce + name: gceconf + readOnly: true + - mountPath: /var/secrets/google + name: gcekey + readOnly: true + resources: {} + serviceAccountName: cloud-controller-manager + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - effect: NoSchedule + key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + volumes: + - name: etckubernetes + hostPath: + path: /etc/kubernetes + - name: etcssl + hostPath: + path: /etc/ssl + - name: etcpki + hostPath: + path: /etc/pki + - name: gceconf + configMap: + name: gceconf + - name: gcekey + secret: + secretName: gcekey + updateStrategy: {} 
diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-secret.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-secret.yaml new file mode 100644 index 000000000..080a34ed3 --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-secret.yaml @@ -0,0 +1,9 @@ + +apiVersion: v1 +kind: Secret +metadata: + name: gcekey + namespace: testNamespace +data: + key.json: YmFhYWFhYWQ= + diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/serviceaccount.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/serviceaccount.yaml new file mode 100644 index 000000000..4b924605f --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cloud-controller-manager + namespace: testNamespace diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/clusterrole.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/clusterrole.yaml new file mode 100644 index 000000000..89ce654eb --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/clusterrole.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: join-service + name: join-service +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - update 
diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/clusterrolebinding.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..6e668f86b --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: join-service +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: join-service +subjects: +- kind: ServiceAccount + name: join-service + namespace: testNamespace diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/configmap.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/configmap.yaml new file mode 100644 index 000000000..756a84497 --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: join-config + namespace: kube-system +data: + enforcedPCRs: "[1,11]" + measurements: "{'1':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','15':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='}" +binaryData: + measurementSalt: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/daemonset.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/daemonset.yaml new file mode 100644 index 000000000..2b8088d84 --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/daemonset.yaml 
@@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: join-service + namespace: testNamespace + labels: + component: join-service + k8s-app: join-service + kubernetes.io/cluster-service: "true" +spec: + selector: + matchLabels: + k8s-app: join-service + template: + metadata: + labels: + k8s-app: join-service + spec: + priorityClassName: system-cluster-critical + serviceAccountName: join-service + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Equal + value: "true" + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + nodeSelector: + node-role.kubernetes.io/control-plane: "" + containers: + - name: join-service + image: joinServiceImage + args: + - --cloud-provider=GCP + - --kms-endpoint=kms.kube-system:9000 + volumeMounts: + - mountPath: /var/config + name: config + readOnly: true + - mountPath: /etc/kubernetes + name: kubeadm + readOnly: true + ports: + - containerPort: 9090 + name: tcp + resources: {} + securityContext: + privileged: true + volumes: + - name: config + projected: + sources: + - configMap: + name: join-config + - configMap: + name: k8s-version + - configMap: + name: internal-config + - name: kubeadm + hostPath: + path: /etc/kubernetes + updateStrategy: {} diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/service.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/service.yaml new file mode 100644 index 000000000..32bb4b31b --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/service.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: join-service + namespace: testNamespace +spec: + type: NodePort + selector: + k8s-app: join-service + ports: + - name: grpc + protocol: TCP + port: 9090 + targetPort: 9090 + nodePort: 30090 +status: + loadBalancer: {} diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/serviceaccount.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/serviceaccount.yaml new file mode 100644 index 000000000..fd9b52173 --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/join-service/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: join-service + namespace: testNamespace diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/clusterrole.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/clusterrole.yaml new file mode 100644 index 000000000..d44b4b1c9 --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/clusterrole.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: kms + name: kms +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/clusterrolebinding.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..eba2c78c3 --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kms +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kms +subjects: +- kind: ServiceAccount + name: kms + namespace: testNamespace 
diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/daemonset.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/daemonset.yaml new file mode 100644 index 000000000..a3c593791 --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/daemonset.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + component: kms + k8s-app: kms + kubernetes.io/cluster-service: "true" + name: kms + namespace: testNamespace +spec: + selector: + matchLabels: + k8s-app: kms + template: + metadata: + labels: + k8s-app: kms + spec: + containers: + - name: kms + image: kmsImage + args: + - --port=9000 + volumeMounts: + - mountPath: /var/config + name: config + readOnly: true + resources: {} + nodeSelector: + node-role.kubernetes.io/control-plane: "" + priorityClassName: system-cluster-critical + serviceAccountName: kms + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Equal + value: "true" + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + volumes: + - name: config + projected: + sources: + - configMap: + items: + - key: measurements + path: measurements + name: join-config + - secret: + items: + - key: mastersecret + path: mastersecret + - key: salt + path: salt + name: constellation-mastersecret + updateStrategy: {} diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/mastersecret.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/mastersecret.yaml new file mode 100644 index 000000000..231c4329f --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/mastersecret.yaml 
@@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: constellation-mastersecret + namespace: testNamespace +data: + mastersecret: YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE= + salt: YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE= diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/service.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/service.yaml new file mode 100644 index 000000000..d0daaa0c1 --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: kms + namespace: testNamespace +spec: + ports: + - name: grpc + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + k8s-app: kms + type: ClusterIP +status: + loadBalancer: {} diff --git a/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/serviceaccount.yaml b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/serviceaccount.yaml new file mode 100644 index 000000000..c5f506fe5 --- /dev/null +++ b/cli/internal/helm/testdata/GCP/constellation-services/charts/kms/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kms + namespace: testNamespace diff --git a/cli/internal/helm/testdata/GCP/constellation-services/templates/.gitkeep b/cli/internal/helm/testdata/GCP/constellation-services/templates/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/ccm/templates/clusterrolebinding.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/ccm/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..8624b04ee --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/ccm/templates/clusterrolebinding.yaml 
@@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: cloud-controller-manager + namespace: testNamespace diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/ccm/templates/serviceaccount.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/ccm/templates/serviceaccount.yaml new file mode 100644 index 000000000..4b924605f --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/ccm/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cloud-controller-manager + namespace: testNamespace diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/clusterrole.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/clusterrole.yaml new file mode 100644 index 000000000..89ce654eb --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/clusterrole.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: join-service + name: join-service +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - update diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/clusterrolebinding.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..6e668f86b --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/clusterrolebinding.yaml 
@@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: join-service +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: join-service +subjects: +- kind: ServiceAccount + name: join-service + namespace: testNamespace diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/configmap.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/configmap.yaml new file mode 100644 index 000000000..756a84497 --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: join-config + namespace: kube-system +data: + enforcedPCRs: "[1,11]" + measurements: "{'1':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','15':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='}" +binaryData: + measurementSalt: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/daemonset.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/daemonset.yaml new file mode 100644 index 000000000..b75a14e3c --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/daemonset.yaml 
@@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: join-service + namespace: testNamespace + labels: + component: join-service + k8s-app: join-service + kubernetes.io/cluster-service: "true" +spec: + selector: + matchLabels: + k8s-app: join-service + template: + metadata: + labels: + k8s-app: join-service + spec: + priorityClassName: system-cluster-critical + serviceAccountName: join-service + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Equal + value: "true" + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + nodeSelector: + node-role.kubernetes.io/control-plane: "" + containers: + - name: join-service + image: joinServiceImage + args: + - --cloud-provider=QEMU + - --kms-endpoint=kms.kube-system:9000 + volumeMounts: + - mountPath: /var/config + name: config + readOnly: true + - mountPath: /etc/kubernetes + name: kubeadm + readOnly: true + ports: + - containerPort: 9090 + name: tcp + resources: {} + securityContext: + privileged: true + volumes: + - name: config + projected: + sources: + - configMap: + name: join-config + - configMap: + name: k8s-version + - configMap: + name: internal-config + - name: kubeadm + hostPath: + path: /etc/kubernetes + updateStrategy: {} diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/service.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/service.yaml new file mode 100644 index 000000000..32bb4b31b --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/service.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: join-service + namespace: testNamespace +spec: + type: NodePort + selector: + k8s-app: join-service + ports: + - name: grpc + protocol: TCP + port: 9090 + targetPort: 9090 + nodePort: 30090 +status: + loadBalancer: {} diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/serviceaccount.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/serviceaccount.yaml new file mode 100644 index 000000000..fd9b52173 --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/join-service/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: join-service + namespace: testNamespace diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/clusterrole.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/clusterrole.yaml new file mode 100644 index 000000000..d44b4b1c9 --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/clusterrole.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: kms + name: kms +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/clusterrolebinding.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..eba2c78c3 --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kms +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kms +subjects: +- kind: ServiceAccount + name: kms + namespace: testNamespace 
diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/daemonset.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/daemonset.yaml new file mode 100644 index 000000000..a3c593791 --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/daemonset.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + component: kms + k8s-app: kms + kubernetes.io/cluster-service: "true" + name: kms + namespace: testNamespace +spec: + selector: + matchLabels: + k8s-app: kms + template: + metadata: + labels: + k8s-app: kms + spec: + containers: + - name: kms + image: kmsImage + args: + - --port=9000 + volumeMounts: + - mountPath: /var/config + name: config + readOnly: true + resources: {} + nodeSelector: + node-role.kubernetes.io/control-plane: "" + priorityClassName: system-cluster-critical + serviceAccountName: kms + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Equal + value: "true" + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + volumes: + - name: config + projected: + sources: + - configMap: + items: + - key: measurements + path: measurements + name: join-config + - secret: + items: + - key: mastersecret + path: mastersecret + - key: salt + path: salt + name: constellation-mastersecret + updateStrategy: {} diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/mastersecret.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/mastersecret.yaml new file mode 100644 index 000000000..231c4329f --- /dev/null +++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/mastersecret.yaml 
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: constellation-mastersecret
+ namespace: testNamespace
+data:
+ mastersecret: YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE=
+ salt: YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE=
diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/service.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/service.yaml
new file mode 100644
index 000000000..d0daaa0c1
--- /dev/null
+++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kms
+ namespace: testNamespace
+spec:
+ ports:
+ - name: grpc
+ port: 9000
+ protocol: TCP
+ targetPort: 9000
+ selector:
+ k8s-app: kms
+ type: ClusterIP
+status:
+ loadBalancer: {}
diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/serviceaccount.yaml b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/serviceaccount.yaml
new file mode 100644
index 000000000..c5f506fe5
--- /dev/null
+++ b/cli/internal/helm/testdata/QEMU/constellation-services/charts/kms/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kms
+ namespace: testNamespace
diff --git a/cli/internal/helm/testdata/QEMU/constellation-services/templates/.gitkeep b/cli/internal/helm/testdata/QEMU/constellation-services/templates/.gitkeep
new file mode 100644
index 000000000..e69de29bb
diff --git a/hack/go.sum b/hack/go.sum
index c2f8dd29b..21a4a255f 100644
--- a/hack/go.sum
+++ b/hack/go.sum
@@ -129,11 +129,13 @@ github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 h1:BWe8a+f/t+7 github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= 
@@ -141,7 +143,9 @@ github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= +github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= +github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= @@ -539,6 +543,7 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= 
@@ -820,6 +825,7 @@ github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c/go.mod h1:lADxMC39cJ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= +github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -1223,6 +1229,7 @@ github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs= github.com/shirou/gopsutil/v3 v3.21.10/go.mod h1:t75NhzCZ/dYyPQjyQmrAYP6c8+LCdFANeBMdLPCNnew= +github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=