suite: ConfigMap templates: - auth/config.yaml tests: - it: matches snapshot for acme-off.yaml values: - ../.lint/acme-off.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for acme-on.yaml values: - ../.lint/acme-on.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for acme-uri-staging.yaml values: - ../.lint/acme-on.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: wears annotations (annotations.yaml) values: - ../.lint/annotations.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - equal: path: metadata.annotations.kubernetes\.io/config value: test-annotation - equal: path: metadata.annotations.kubernetes\.io/config-different value: 2 - it: matches snapshot for auth-connector-name.yaml values: - ../.lint/auth-connector-name.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for auth-disable-local.yaml values: - ../.lint/auth-disable-local.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for auth-locking-mode.yaml values: - ../.lint/auth-locking-mode.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for auth-passwordless.yaml values: - ../.lint/auth-passwordless.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for auth-type.yaml values: - ../.lint/auth-type.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for auth-type-legacy.yaml values: - ../.lint/auth-type-legacy.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for auth-webauthn.yaml values: - ../.lint/auth-webauthn.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for auth-webauthn-legacy.yaml values: - ../.lint/auth-webauthn-legacy.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for aws.yaml values: - ../.lint/aws.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for aws-dynamodb-autoscaling.yaml values: - ../.lint/aws-dynamodb-autoscaling.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for aws-ha.yaml values: - ../.lint/aws-ha.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for aws-ha-acme.yaml values: - ../.lint/aws-ha-acme.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for aws-ha-antiaffinity.yaml values: - ../.lint/aws-ha-antiaffinity.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for aws-ha-log.yaml values: - ../.lint/aws-ha-log.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for existing-tls-secret.yaml values: - ../.lint/existing-tls-secret.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for existing-tls-secret-with-ca.yaml values: - ../.lint/existing-tls-secret-with-ca.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for gcp-ha-acme.yaml values: - ../.lint/gcp-ha-acme.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for gcp-ha-antiaffinity.yaml values: - ../.lint/gcp-ha-antiaffinity.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for gcp-ha-log.yaml values: - ../.lint/gcp-ha-log.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for gcp.yaml values: - ../.lint/gcp.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for initcontainers.yaml values: - ../.lint/initcontainers.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for kube-cluster-name.yaml values: - ../.lint/kube-cluster-name.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for log-basic.yaml values: - ../.lint/log-basic.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for log-extra.yaml values: - ../.lint/log-extra.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for log-legacy.yaml values: - ../.lint/log-legacy.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for priority-class-name.yaml values: - ../.lint/priority-class-name.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for proxy-listener-mode-multiplex.yaml values: - ../.lint/proxy-listener-mode-multiplex.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for proxy-listener-mode-separate.yaml values: - ../.lint/proxy-listener-mode-separate.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for service.yaml values: - ../.lint/service.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for separate-mongo-listener.yaml values: - ../.lint/separate-mongo-listener.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for separate-postgres-listener.yaml values: - ../.lint/separate-postgres-listener.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for public-addresses.yaml values: - ../.lint/public-addresses.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for session-recording.yaml values: - ../.lint/session-recording.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for standalone-customsize.yaml values: - ../.lint/standalone-customsize.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for standalone-existingpvc.yaml values: - ../.lint/standalone-existingpvc.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for tolerations.yaml values: - ../.lint/tolerations.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for version-override.yaml values: - ../.lint/version-override.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for volumes.yaml values: - ../.lint/volumes.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: adds a proxy token by default set: clusterName: teleport.example.com asserts: - notEqual: path: data.apply-on-startup\.yaml value: null - matchSnapshot: path: data.apply-on-startup\.yaml - it: matches snapshot for azure.yaml values: - ../.lint/azure.yaml asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: matches snapshot for azure.yaml without pool_max_conn values: - ../.lint/azure.yaml set: azure: databasePoolMaxConnections: 0 asserts: - hasDocuments: count: 1 - isKind: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml - it: sets "provisioned" billing mode when autoscaling is enabled values: - ../.lint/aws-dynamodb-autoscaling.yaml asserts: - matchRegex: path: data.teleport\.yaml pattern: 'billing_mode: provisioned' - it: fails when no audit backend is configured set: chartMode: aws clusterName: "teleport.example.com" aws: region: asd backendTable: asd sessionRecordingBucket: asd asserts: - failedTemplate: errorMessage: "You need an audit backend. In AWS mode, you must set at least one of `aws.auditLogTable` (Dynamo) and `aws.athenaURL` (Athena)." - it: configures dynamo when dynamo is set set: chartMode: aws clusterName: "teleport.example.com" aws: region: asd backendTable: asd sessionRecordingBucket: asd auditLogTable: my-dynamodb-table asserts: - matchRegex: path: data.teleport\.yaml pattern: '- dynamodb://my-dynamodb-table' - it: configures athena when athenaURL is set set: chartMode: aws clusterName: "teleport.example.com" aws: region: asd backendTable: asd sessionRecordingBucket: asd athenaURL: 'athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name' asserts: - matchRegex: path: data.teleport\.yaml pattern: '- athena://db.table' - it: configures dynamo and stdout when dynamo is set and mirroring is on set: chartMode: aws clusterName: "teleport.example.com" aws: region: asd backendTable: asd sessionRecordingBucket: asd auditLogTable: my-dynamodb-table auditLogMirrorOnStdout: true asserts: - matchRegex: path: data.teleport\.yaml pattern: '- dynamodb://my-dynamodb-table' - matchRegex: path: data.teleport\.yaml pattern: '- stdout://' - it: fails when both athena and dynamo are set but no order is specified set: chartMode: aws clusterName: "teleport.example.com" aws: region: asd backendTable: asd sessionRecordingBucket: asd auditLogTable: my-dynamodb-table athenaURL: 'athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name' asserts: - failedTemplate: errorMessage: "Both Dynamo and Athena audit backends are enabled. You must specify the primary backend by setting `aws.auditLogPrimaryBackend` to either 'dynamo' or 'athena'." - it: uses athena as primary backend when configured set: chartMode: aws clusterName: "teleport.example.com" aws: region: asd backendTable: asd sessionRecordingBucket: asd auditLogTable: my-dynamodb-table athenaURL: 'athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name' auditLogPrimaryBackend: "athena" asserts: - matchSnapshot: path: data.teleport\.yaml - it: uses dynamo as primary backend when configured set: chartMode: aws clusterName: "teleport.example.com" aws: region: asd backendTable: asd sessionRecordingBucket: asd auditLogTable: my-dynamodb-table athenaURL: 'athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name' auditLogPrimaryBackend: "dynamo" asserts: - matchSnapshot: path: data.teleport\.yaml - it: uses athena, dynamo, and stdout when everything is on set: chartMode: aws clusterName: "teleport.example.com" aws: region: asd backendTable: asd sessionRecordingBucket: asd auditLogTable: my-dynamodb-table athenaURL: 'athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name' auditLogPrimaryBackend: "athena" auditLogMirrorOnStdout: true asserts: - matchSnapshot: path: data.teleport\.yaml - it: keeps the second factor type even when it's "off" set: clusterName: helm-lint authentication: secondFactor: 'off' asserts: - matchSnapshot: path: data.teleport\.yaml - it: fails if access monitoring is enabled without athena set: chartMode: aws clusterName: "teleport.example.com" aws: region: asd backendTable: asd sessionRecordingBucket: asd auditLogTable: my-dynamodb-table accessMonitoring: enabled: true asserts: - failedTemplate: errorMessage: "AccessMonitoring requires an Athena Event backend" - it: configures access monitoring when its values are set values: - ../.lint/aws-access-monitoring.yaml asserts: - matchSnapshot: path: data.teleport\.yaml - it: sets extraLabels on Configmap values: - ../.lint/annotations.yaml set: extraLabels: config: foo: bar baz: override-me auth: extraLabels: config: baz: overridden asserts: - equal: path: metadata.labels.foo value: bar - equal: path: metadata.labels.baz value: overridden - it: keeps the session_recording type even when it's "off" set: clusterName: helm-lint sessionRecording: 'off' asserts: - matchSnapshot: path: data.teleport\.yaml - it: sets clusterDomain on Configmap set: clusterName: teleport.example.com global: clusterDomain: test.com asserts: - matchSnapshot: {} - matchRegex: path: data.teleport\.yaml pattern: 'svc.test.com:3026'