jonny/charts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
e2b5bb1376
charts/teleport-cluster/tests/auth_config_test.yaml
Jonny Ervine e2b5bb1376 Update teleport
2025-05-13 22:48:36 +08:00

737 lines
18 KiB
YAML
Raw Blame History

suite: ConfigMap
templates:
- auth/config.yaml
tests:
- it: matches snapshot for acme-off.yaml
values:
- ../.lint/acme-off.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for acme-on.yaml
values:
- ../.lint/acme-on.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for acme-uri-staging.yaml
values:
- ../.lint/acme-on.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: wears annotations (annotations.yaml)
values:
- ../.lint/annotations.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- equal:
path: metadata.annotations.kubernetes\.io/config
value: test-annotation
- equal:
path: metadata.annotations.kubernetes\.io/config-different
value: 2
- it: matches snapshot for auth-connector-name.yaml
values:
- ../.lint/auth-connector-name.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for auth-disable-local.yaml
values:
- ../.lint/auth-disable-local.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for auth-locking-mode.yaml
values:
- ../.lint/auth-locking-mode.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for auth-passwordless.yaml
values:
- ../.lint/auth-passwordless.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for auth-type.yaml
values:
- ../.lint/auth-type.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for auth-type-legacy.yaml
values:
- ../.lint/auth-type-legacy.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for auth-webauthn.yaml
values:
- ../.lint/auth-webauthn.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for auth-webauthn-legacy.yaml
values:
- ../.lint/auth-webauthn-legacy.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for aws.yaml
values:
- ../.lint/aws.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for aws-dynamodb-autoscaling.yaml
values:
- ../.lint/aws-dynamodb-autoscaling.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for aws-ha.yaml
values:
- ../.lint/aws-ha.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for aws-ha-acme.yaml
values:
- ../.lint/aws-ha-acme.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for aws-ha-antiaffinity.yaml
values:
- ../.lint/aws-ha-antiaffinity.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for aws-ha-log.yaml
values:
- ../.lint/aws-ha-log.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for existing-tls-secret.yaml
values:
- ../.lint/existing-tls-secret.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for existing-tls-secret-with-ca.yaml
values:
- ../.lint/existing-tls-secret-with-ca.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for gcp-ha-acme.yaml
values:
- ../.lint/gcp-ha-acme.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for gcp-ha-antiaffinity.yaml
values:
- ../.lint/gcp-ha-antiaffinity.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for gcp-ha-log.yaml
values:
- ../.lint/gcp-ha-log.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for gcp.yaml
values:
- ../.lint/gcp.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for initcontainers.yaml
values:
- ../.lint/initcontainers.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for kube-cluster-name.yaml
values:
- ../.lint/kube-cluster-name.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for log-basic.yaml
values:
- ../.lint/log-basic.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for log-extra.yaml
values:
- ../.lint/log-extra.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for log-legacy.yaml
values:
- ../.lint/log-legacy.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for priority-class-name.yaml
values:
- ../.lint/priority-class-name.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for proxy-listener-mode-multiplex.yaml
values:
- ../.lint/proxy-listener-mode-multiplex.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for proxy-listener-mode-separate.yaml
values:
- ../.lint/proxy-listener-mode-separate.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for service.yaml
values:
- ../.lint/service.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for separate-mongo-listener.yaml
values:
- ../.lint/separate-mongo-listener.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for separate-postgres-listener.yaml
values:
- ../.lint/separate-postgres-listener.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for public-addresses.yaml
values:
- ../.lint/public-addresses.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for session-recording.yaml
values:
- ../.lint/session-recording.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for standalone-customsize.yaml
values:
- ../.lint/standalone-customsize.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for standalone-existingpvc.yaml
values:
- ../.lint/standalone-existingpvc.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for tolerations.yaml
values:
- ../.lint/tolerations.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for version-override.yaml
values:
- ../.lint/version-override.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for volumes.yaml
values:
- ../.lint/volumes.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: adds a proxy token by default
set:
clusterName: teleport.example.com
asserts:
- notEqual:
path: data.apply-on-startup\.yaml
value: null
- matchSnapshot:
path: data.apply-on-startup\.yaml
- it: matches snapshot for azure.yaml
values:
- ../.lint/azure.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for azure.yaml without pool_max_conn
values:
- ../.lint/azure.yaml
set:
azure:
databasePoolMaxConnections: 0
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: sets "provisioned" billing mode when autoscaling is enabled
values:
- ../.lint/aws-dynamodb-autoscaling.yaml
asserts:
- matchRegex:
path: data.teleport\.yaml
pattern: 'billing_mode: provisioned'
- it: fails when no audit backend is configured
set:
chartMode: aws
clusterName: "teleport.example.com"
aws:
region: asd
backendTable: asd
sessionRecordingBucket: asd
asserts:
- failedTemplate:
errorMessage: "You need an audit backend. In AWS mode, you must set at least one of `aws.auditLogTable` (Dynamo) and `aws.athenaURL` (Athena)."
- it: configures dynamo when dynamo is set
set:
chartMode: aws
clusterName: "teleport.example.com"
aws:
region: asd
backendTable: asd
sessionRecordingBucket: asd
auditLogTable: my-dynamodb-table
asserts:
- matchRegex:
path: data.teleport\.yaml
pattern: '- dynamodb://my-dynamodb-table'
- it: configures athena when athenaURL is set
set:
chartMode: aws
clusterName: "teleport.example.com"
aws:
region: asd
backendTable: asd
sessionRecordingBucket: asd
athenaURL: 'athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name'
asserts:
- matchRegex:
path: data.teleport\.yaml
pattern: '- athena://db.table'
- it: configures dynamo and stdout when dynamo is set and mirroring is on
set:
chartMode: aws
clusterName: "teleport.example.com"
aws:
region: asd
backendTable: asd
sessionRecordingBucket: asd
auditLogTable: my-dynamodb-table
auditLogMirrorOnStdout: true
asserts:
- matchRegex:
path: data.teleport\.yaml
pattern: '- dynamodb://my-dynamodb-table'
- matchRegex:
path: data.teleport\.yaml
pattern: '- stdout://'
- it: fails when both athena and dynamo are set but no order is specified
set:
chartMode: aws
clusterName: "teleport.example.com"
aws:
region: asd
backendTable: asd
sessionRecordingBucket: asd
auditLogTable: my-dynamodb-table
athenaURL: 'athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name'
asserts:
- failedTemplate:
errorMessage: "Both Dynamo and Athena audit backends are enabled. You must specify the primary backend by setting `aws.auditLogPrimaryBackend` to either 'dynamo' or 'athena'."
- it: uses athena as primary backend when configured
set:
chartMode: aws
clusterName: "teleport.example.com"
aws:
region: asd
backendTable: asd
sessionRecordingBucket: asd
auditLogTable: my-dynamodb-table
athenaURL: 'athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name'
auditLogPrimaryBackend: "athena"
asserts:
- matchSnapshot:
path: data.teleport\.yaml
- it: uses dynamo as primary backend when configured
set:
chartMode: aws
clusterName: "teleport.example.com"
aws:
region: asd
backendTable: asd
sessionRecordingBucket: asd
auditLogTable: my-dynamodb-table
athenaURL: 'athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name'
auditLogPrimaryBackend: "dynamo"
asserts:
- matchSnapshot:
path: data.teleport\.yaml
- it: uses athena, dynamo, and stdout when everything is on
set:
chartMode: aws
clusterName: "teleport.example.com"
aws:
region: asd
backendTable: asd
sessionRecordingBucket: asd
auditLogTable: my-dynamodb-table
athenaURL: 'athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name'
auditLogPrimaryBackend: "athena"
auditLogMirrorOnStdout: true
asserts:
- matchSnapshot:
path: data.teleport\.yaml
- it: keeps the second factor type even when it's "off"
set:
clusterName: helm-lint
authentication:
secondFactor: 'off'
asserts:
- matchSnapshot:
path: data.teleport\.yaml
- it: fails if access monitoring is enabled without athena
set:
chartMode: aws
clusterName: "teleport.example.com"
aws:
region: asd
backendTable: asd
sessionRecordingBucket: asd
auditLogTable: my-dynamodb-table
accessMonitoring:
enabled: true
asserts:
- failedTemplate:
errorMessage: "AccessMonitoring requires an Athena Event backend"
- it: configures access monitoring when its values are set
values:
- ../.lint/aws-access-monitoring.yaml
asserts:
- matchSnapshot:
path: data.teleport\.yaml
- it: sets extraLabels on Configmap
values:
- ../.lint/annotations.yaml
set:
extraLabels:
config:
foo: bar
baz: override-me
auth:
extraLabels:
config:
baz: overridden
asserts:
- equal:
path: metadata.labels.foo
value: bar
- equal:
path: metadata.labels.baz
value: overridden
- it: keeps the session_recording type even when it's "off"
set:
clusterName: helm-lint
sessionRecording: 'off'
asserts:
- matchSnapshot:
path: data.teleport\.yaml
- it: sets clusterDomain on Configmap
set:
clusterName: teleport.example.com
global:
clusterDomain: test.com
asserts:
- matchSnapshot: {}
- matchRegex:
path: data.teleport\.yaml
pattern: 'svc.test.com:3026'
- it: matches snapshot for auth-secondfactors-webauthn.yaml
values:
- ../.lint/auth-secondfactors-webauthn.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot for auth-secondfactors-sso.yaml
values:
- ../.lint/auth-secondfactors-sso.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
- it: matches snapshot when both secondFactor and secondFactors are set.
set:
clusterName: helm-lint
authentication:
secondFactor: "off"
secondFactors: ["otp", "webauthn"]
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot:
path: data.teleport\.yaml
Reference in New Issue View Git Blame Copy Permalink