github.com/stefanmcshane/helm@v0.0.0-20221213002717-88a4a2c6e77d/pkg/action/validate_test.go (about) 1 /* 2 Copyright The Helm Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package action 18 19 import ( 20 "testing" 21 22 "github.com/stefanmcshane/helm/pkg/kube" 23 24 appsv1 "k8s.io/api/apps/v1" 25 26 "github.com/stretchr/testify/assert" 27 "k8s.io/apimachinery/pkg/api/meta" 28 v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 29 "k8s.io/apimachinery/pkg/runtime/schema" 30 "k8s.io/cli-runtime/pkg/resource" 31 ) 32 33 func newDeploymentResource(name, namespace string) *resource.Info { 34 return &resource.Info{ 35 Name: name, 36 Mapping: &meta.RESTMapping{ 37 Resource: schema.GroupVersionResource{Group: "apps", Version: "v1", Resource: "deployment"}, 38 GroupVersionKind: schema.GroupVersionKind{Group: "apps", Version: "v1", Kind: "Deployment"}, 39 }, 40 Object: &appsv1.Deployment{ 41 ObjectMeta: v1.ObjectMeta{ 42 Name: name, 43 Namespace: namespace, 44 }, 45 }, 46 } 47 } 48 49 func TestCheckOwnership(t *testing.T) { 50 deployFoo := newDeploymentResource("foo", "ns-a") 51 52 // Verify that a resource that lacks labels/annotations is not owned 53 err := checkOwnership(deployFoo.Object, "rel-a", "ns-a") 54 assert.EqualError(t, err, `invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "rel-a"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "ns-a"`) 55 56 // Set managed by label and verify annotation error message 57 _ = accessor.SetLabels(deployFoo.Object, map[string]string{ 58 appManagedByLabel: appManagedByHelm, 59 }) 60 err = checkOwnership(deployFoo.Object, "rel-a", "ns-a") 61 assert.EqualError(t, err, `invalid ownership metadata; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "rel-a"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "ns-a"`) 62 63 // Set only the release name annotation and verify missing release namespace error message 64 _ = accessor.SetAnnotations(deployFoo.Object, map[string]string{ 65 helmReleaseNameAnnotation: "rel-a", 66 }) 67 err = checkOwnership(deployFoo.Object, "rel-a", "ns-a") 68 assert.EqualError(t, err, `invalid ownership metadata; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "ns-a"`) 69 70 // Set both release name and namespace annotations and verify no ownership errors 71 _ = accessor.SetAnnotations(deployFoo.Object, map[string]string{ 72 helmReleaseNameAnnotation: "rel-a", 73 helmReleaseNamespaceAnnotation: "ns-a", 74 }) 75 err = checkOwnership(deployFoo.Object, "rel-a", "ns-a") 76 assert.NoError(t, err) 77 78 // Verify ownership error for wrong release name 79 err = checkOwnership(deployFoo.Object, "rel-b", "ns-a") 80 assert.EqualError(t, err, `invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "rel-b": current value is "rel-a"`) 81 82 // Verify ownership error for wrong release namespace 83 err = checkOwnership(deployFoo.Object, "rel-a", "ns-b") 84 assert.EqualError(t, err, `invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-namespace" must equal "ns-b": current value is "ns-a"`) 85 86 // Verify ownership error for wrong manager label 87 _ = accessor.SetLabels(deployFoo.Object, map[string]string{ 88 appManagedByLabel: "helm", 89 }) 90 err = checkOwnership(deployFoo.Object, "rel-a", "ns-a") 91 assert.EqualError(t, err, `invalid ownership metadata; label validation error: key "app.kubernetes.io/managed-by" must equal "Helm": current value is "helm"`) 92 } 93 94 func TestSetMetadataVisitor(t *testing.T) { 95 var ( 96 err error 97 deployFoo = newDeploymentResource("foo", "ns-a") 98 deployBar = newDeploymentResource("bar", "ns-a-system") 99 resources = kube.ResourceList{deployFoo, deployBar} 100 ) 101 102 // Set release tracking metadata and verify no error 103 err = resources.Visit(setMetadataVisitor("rel-a", "ns-a", true)) 104 assert.NoError(t, err) 105 106 // Verify that release "b" cannot take ownership of "a" 107 err = resources.Visit(setMetadataVisitor("rel-b", "ns-a", false)) 108 assert.Error(t, err) 109 110 // Force release "b" to take ownership 111 err = resources.Visit(setMetadataVisitor("rel-b", "ns-a", true)) 112 assert.NoError(t, err) 113 114 // Check that there is now no ownership error when setting metadata without force 115 err = resources.Visit(setMetadataVisitor("rel-b", "ns-a", false)) 116 assert.NoError(t, err) 117 118 // Add a new resource that is missing ownership metadata and verify error 119 resources.Append(newDeploymentResource("baz", "default")) 120 err = resources.Visit(setMetadataVisitor("rel-b", "ns-a", false)) 121 assert.Error(t, err) 122 assert.Contains(t, err.Error(), `Deployment "baz" in namespace "" cannot be owned`) 123 }