215 lines
6.4 KiB
YAML
215 lines
6.4 KiB
YAML
suite: Proxy Certificate
|
|
templates:
|
|
- proxy/certificate.yaml
|
|
tests:
|
|
- it: should request a certificate for cluster name when cert-manager is enabled (cert-manager.yaml)
|
|
values:
|
|
- ../.lint/cert-manager.yaml
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Certificate
|
|
- matchSnapshot:
|
|
path: spec.dnsNames
|
|
- matchSnapshot:
|
|
path: spec.issuerRef
|
|
- equal:
|
|
path: spec.commonName
|
|
value: test-cluster
|
|
|
|
- it: should request a certificate for cluster name when cert-manager is enabled (cert-secret.yaml)
|
|
values:
|
|
- ../.lint/cert-secret.yaml
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Certificate
|
|
- matchSnapshot:
|
|
path: spec.dnsNames
|
|
- matchSnapshot:
|
|
path: spec.issuerRef
|
|
|
|
- it: should request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is set (cert-manager.yaml)
|
|
values:
|
|
- ../.lint/cert-manager.yaml
|
|
set:
|
|
publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443']
|
|
highAvailability:
|
|
certManager:
|
|
addPublicAddrs: true
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Certificate
|
|
- matchSnapshot:
|
|
path: spec.dnsNames
|
|
- matchSnapshot:
|
|
path: spec.issuerRef
|
|
- equal:
|
|
path: spec.commonName
|
|
value: test-cluster
|
|
- equal:
|
|
path: spec.dnsNames[0]
|
|
value: "test-cluster"
|
|
- equal:
|
|
path: spec.dnsNames[1]
|
|
value: "*.test-cluster"
|
|
- equal:
|
|
path: spec.dnsNames[2]
|
|
value: "teleport.test.com"
|
|
- equal:
|
|
path: spec.dnsNames[3]
|
|
value: "teleport.shared-services.old-domain.com"
|
|
|
|
- it: should not request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is not set (cert-manager.yaml)
|
|
values:
|
|
- ../.lint/cert-manager.yaml
|
|
set:
|
|
publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443']
|
|
highAvailability:
|
|
certManager:
|
|
addPublicAddrs: false
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Certificate
|
|
- matchSnapshot:
|
|
path: spec.dnsNames
|
|
- matchSnapshot:
|
|
path: spec.issuerRef
|
|
- equal:
|
|
path: spec.commonName
|
|
value: test-cluster
|
|
- equal:
|
|
path: spec.dnsNames[0]
|
|
value: "test-cluster"
|
|
- equal:
|
|
path: spec.dnsNames[1]
|
|
value: "*.test-cluster"
|
|
- notEqual:
|
|
path: spec.dnsNames[2]
|
|
value: "teleport.test.com"
|
|
- notEqual:
|
|
path: spec.dnsNames[3]
|
|
value: "teleport.shared-services.old-domain.com"
|
|
|
|
- it: should request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is set (cert-secret.yaml)
|
|
values:
|
|
- ../.lint/cert-secret.yaml
|
|
set:
|
|
publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443']
|
|
highAvailability:
|
|
certManager:
|
|
addPublicAddrs: true
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Certificate
|
|
- matchSnapshot:
|
|
path: spec.dnsNames
|
|
- matchSnapshot:
|
|
path: spec.issuerRef
|
|
- equal:
|
|
path: spec.dnsNames[0]
|
|
value: "test-cluster"
|
|
- equal:
|
|
path: spec.dnsNames[1]
|
|
value: "*.test-cluster"
|
|
- equal:
|
|
path: spec.dnsNames[2]
|
|
value: "teleport.test.com"
|
|
- equal:
|
|
path: spec.dnsNames[3]
|
|
value: "teleport.shared-services.old-domain.com"
|
|
|
|
- it: should not request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is not set (cert-secret.yaml)
|
|
values:
|
|
- ../.lint/cert-secret.yaml
|
|
set:
|
|
publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443']
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Certificate
|
|
- matchSnapshot:
|
|
path: spec.dnsNames
|
|
- matchSnapshot:
|
|
path: spec.issuerRef
|
|
- notEqual:
|
|
path: spec.commonName
|
|
value: test-cluster
|
|
- equal:
|
|
path: spec.dnsNames[0]
|
|
value: "test-cluster"
|
|
- equal:
|
|
path: spec.dnsNames[1]
|
|
value: "*.test-cluster"
|
|
- notEqual:
|
|
path: spec.dnsNames[2]
|
|
value: "teleport.test.com"
|
|
- notEqual:
|
|
path: spec.dnsNames[3]
|
|
value: "teleport.shared-services.old-domain.com"
|
|
|
|
- it: should request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is set, removing duplicates
|
|
values:
|
|
- ../.lint/cert-manager.yaml
|
|
set:
|
|
publicAddr: ['test-cluster:443', 'teleport.test.com:443', 'teleport.shared-services.old-domain.com:443', 'teleport.test.com:443']
|
|
highAvailability:
|
|
certManager:
|
|
addPublicAddrs: true
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 1
|
|
- isKind:
|
|
of: Certificate
|
|
- matchSnapshot:
|
|
path: spec.dnsNames
|
|
- matchSnapshot:
|
|
path: spec.issuerRef
|
|
- equal:
|
|
path: spec.dnsNames[0]
|
|
value: "test-cluster"
|
|
- equal:
|
|
path: spec.dnsNames[1]
|
|
value: "*.test-cluster"
|
|
- notEqual:
|
|
path: spec.dnsNames[2]
|
|
value: "test-cluster"
|
|
- equal:
|
|
path: spec.dnsNames[2]
|
|
value: "teleport.test.com"
|
|
- equal:
|
|
path: spec.dnsNames[3]
|
|
value: "teleport.shared-services.old-domain.com"
|
|
- notEqual:
|
|
path: spec.dnsNames[4]
|
|
value: "teleport.test.com"
|
|
|
|
- it: sets extraLabels on Certificate Secret
|
|
values:
|
|
- ../.lint/cert-manager.yaml
|
|
set:
|
|
extraLabels:
|
|
certSecret:
|
|
foo: bar
|
|
baz: override-me
|
|
proxy:
|
|
extraLabels:
|
|
certSecret:
|
|
baz: overridden
|
|
asserts:
|
|
- equal:
|
|
path: spec.secretTemplate.labels.foo
|
|
value: bar
|
|
- equal:
|
|
path: spec.secretTemplate.labels.baz
|
|
value: overridden
|