Added custom image pull secrets integ test

SumoLogic · Jul 26, 2024 · 1f922a6 · 1f922a6
1 parent 2ea0cff
commit 1f922a6
Show file tree

Hide file tree

Showing 15 changed files with 162 additions and 3 deletions.
diff --git a/.changelog/3808.changed.txt b/.changelog/3808.changed.txt
@@ -0,0 +1 @@
+test: Added custom image pull secrets tests for global configuration attributes
diff --git a/deploy/helm/sumologic/templates/events/otelcol/statefulset.yaml b/deploy/helm/sumologic/templates/events/otelcol/statefulset.yaml
@@ -35,6 +35,12 @@ spec:
 {{ toYaml .Values.otelevents.statefulset.podLabels | indent 8 }}
 {{- end }}
     spec:
+      {{- if $.Values.sumologic.pullSecrets }}
+      imagePullSecrets:
+ {{- range $.Values.sumologic.pullSecrets }}
+        - name: {{ .name }}
+ {{- end }}
+      {{- end }}    
       serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }}
 {{- if not (empty (include "events.statefulset.nodeSelector" .)) }}
       nodeSelector:

diff --git a/deploy/helm/sumologic/templates/instrumentation/otelcol-instrumentation/statefulset.yaml b/deploy/helm/sumologic/templates/instrumentation/otelcol-instrumentation/statefulset.yaml
@@ -45,6 +45,12 @@ spec:
 {{ toYaml $otelcolInstrumentation.statefulset.podLabels | indent 8 }}
 {{- end }}
     spec:
+      {{- if $.Values.sumologic.pullSecrets }}
+      imagePullSecrets:
+ {{- range $.Values.sumologic.pullSecrets }}
+        - name: {{ .name }}
+ {{- end }}
+      {{- end }}    
       serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }}
 {{- if not (empty (include "otelcolInstrumentation.statefulset.nodeSelector" .)) }}
       nodeSelector:

diff --git a/deploy/helm/sumologic/templates/instrumentation/traces-gateway/deployment.yaml b/deploy/helm/sumologic/templates/instrumentation/traces-gateway/deployment.yaml
@@ -46,6 +46,12 @@ spec:
 {{ toYaml $tracesGateway.deployment.podLabels | indent 8 }}
 {{- end }}
     spec:
+      {{- if $.Values.sumologic.pullSecrets }}
+      imagePullSecrets:
+ {{- range $.Values.sumologic.pullSecrets }}
+        - name: {{ .name }}
+ {{- end }}
+      {{- end }}    
       serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }}
 {{- if not (empty (include "tracesGateway.deployment.nodeSelector" .)) }}
       nodeSelector:

diff --git a/deploy/helm/sumologic/templates/instrumentation/traces-sampler/deployment.yaml b/deploy/helm/sumologic/templates/instrumentation/traces-sampler/deployment.yaml
@@ -42,6 +42,12 @@ spec:
 {{ toYaml $tracesSampler.deployment.podLabels | indent 8 }}
 {{- end }}
     spec:
+      {{- if $.Values.sumologic.pullSecrets }}
+      imagePullSecrets:
+ {{- range $.Values.sumologic.pullSecrets }}
+        - name: {{ .name }}
+ {{- end }}
+      {{- end }}    
       serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }}
 {{- if not (empty (include "tracesSampler.deployment.nodeSelector" .)) }}
       nodeSelector:

diff --git a/deploy/helm/sumologic/templates/logs/collector/otelcol/daemonset.yaml b/deploy/helm/sumologic/templates/logs/collector/otelcol/daemonset.yaml
@@ -65,6 +65,12 @@ spec:
 {{ toYaml $daemonset.podLabels | indent 8 }}
 {{- end }}
     spec:
+      {{- if $.Values.sumologic.pullSecrets }}
+      imagePullSecrets:
+ {{- range $.Values.sumologic.pullSecrets }}
+        - name: {{ .name }}
+ {{- end }}
+      {{- end }}
 {{- if $nodeSelector }}
       nodeSelector:
 {{ $nodeSelector | indent 8 }}

diff --git a/deploy/helm/sumologic/templates/logs/collector/otellogswindows/daemonset.yaml b/deploy/helm/sumologic/templates/logs/collector/otellogswindows/daemonset.yaml
@@ -65,6 +65,12 @@ spec:
 {{ toYaml $daemonset.podLabels | indent 8 }}
 {{- end }}
     spec:
+      {{- if $.Values.sumologic.pullSecrets }}
+      imagePullSecrets:
+ {{- range $.Values.sumologic.pullSecrets }}
+        - name: {{ .name }}
+ {{- end }}
+      {{- end }}    
 {{- if $nodeSelector }}
       nodeSelector:
 {{ $nodeSelector | indent 8 }}

diff --git a/deploy/helm/sumologic/templates/logs/otelcol/statefulset.yaml b/deploy/helm/sumologic/templates/logs/otelcol/statefulset.yaml
@@ -42,6 +42,12 @@ spec:
 {{ toYaml .Values.metadata.logs.statefulset.podLabels | indent 8 }}
 {{- end }}
     spec:
+      {{- if $.Values.sumologic.pullSecrets }}
+      imagePullSecrets:
+ {{- range $.Values.sumologic.pullSecrets }}
+        - name: {{ .name }}
+ {{- end }}
+      {{- end }}    
       serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }}
 {{- if not (empty (include "metadata.logs.statefulset.nodeSelector" .)) }}
       nodeSelector:

diff --git a/deploy/helm/sumologic/templates/metrics/otelcol/statefulset.yaml b/deploy/helm/sumologic/templates/metrics/otelcol/statefulset.yaml
@@ -42,6 +42,12 @@ spec:
 {{ toYaml .Values.metadata.metrics.statefulset.podLabels | indent 8 }}
 {{- end }}
     spec:
+      {{- if $.Values.sumologic.pullSecrets }}
+      imagePullSecrets:
+ {{- range $.Values.sumologic.pullSecrets }}
+        - name: {{ .name }}
+ {{- end }}
+      {{- end }}    
       serviceAccountName: {{ template "sumologic.metadata.name.roles.serviceaccount" . }}
 {{- if not (empty (include "metadata.metrics.statefulset.nodeSelector" .)) }}
       nodeSelector:

diff --git a/deploy/helm/sumologic/templates/setup/job.yaml b/deploy/helm/sumologic/templates/setup/job.yaml
@@ -34,6 +34,12 @@ spec:
 {{ toYaml .Values.sumologic.setup.job.podLabels | indent 8 }}
 {{- end }}
     spec:
+      {{- if $.Values.sumologic.pullSecrets }}
+      imagePullSecrets:
+ {{- range $.Values.sumologic.pullSecrets }}
+        - name: {{ .name }}
+ {{- end }}
+      {{- end }}    
       restartPolicy: OnFailure
       serviceAccountName: {{ template "sumologic.metadata.name.setup.roles.serviceaccount" . }}
 {{- if not (empty (include "setup.job.nodeSelector" .)) }}

diff --git a/deploy/helm/sumologic/values.yaml b/deploy/helm/sumologic/values.yaml
@@ -2347,7 +2347,7 @@ telegraf-operator:
 ## Configure Falco
 ## Please note that Falco is embedded in this Helm Chart for user convenience only - Sumo Logic does not provide production support for it
 ## This is an experimental configuration and shouldn't be used in production environment
-## https://github.com/falcosecurity/charts/tree/master/falco
+## https://github.com/falcosecurity/charts/blob/master/charts/falco/values.yaml
 falco:
   enabled: false
 

diff --git a/docs/working-with-container-registries.md b/docs/working-with-container-registries.md
@@ -18,7 +18,7 @@ kubectl create secret docker-registry ${SECRET_NAME} \
   --docker-password=$(aws ecr-public --region us-east-1 get-login-password)
 ```
 
-After creating the secret one can use it in the following way:
+After creating the secret, one can use it in the following way:
 
 ```yaml
 sumologic:

diff --git a/tests/helm/common_test.go b/tests/helm/common_test.go
@@ -475,6 +475,24 @@ func GetTolerations(object unstructured.Unstructured) ([]corev1.Toleration, erro
 	return nil, nil
 }
 
+func ContainsImagePullSecret(imagePullSecrets []corev1.LocalObjectReference, expectedSecret string) bool {
+	for _, secret := range imagePullSecrets {
+		if secret.Name == expectedSecret {
+			return true
+		}
+	}
+	return false
+}
+
+// func ObjectUsesPullSecrets(objectName string, namesToCheck map[string]struct{}) bool {
+// 	for name := range namesToCheck {
+// 		if strings.Contains(objectName, name) {
+// 			return true
+// 		}
+// 	}
+// 	return false
+// }
+
 func TestNamespaceOverride(t *testing.T) {
 	valuesFilePath := path.Join(testDataDirectory, "everything-enabled.yaml")
 	namespaceOverride := "override"
@@ -692,3 +710,68 @@ func TestCustomServiceAccountAnnotations(t *testing.T) {
 		}
 	}
 }
+
+func TestCustomImagePullSecrets(t *testing.T) {
+	t.Parallel()
+	valuesFilePath := path.Join(testDataDirectory, "custom-global-config-attributes.yaml")
+	renderedYamlString := RenderTemplate(
+		t,
+		&helm.Options{
+			ValuesFiles: []string{valuesFilePath},
+			SetStrValues: map[string]string{
+				"sumologic.accessId":  "accessId",
+				"sumologic.accessKey": "accessKey",
+			},
+			Logger: logger.Discard,
+		},
+		chartDirectory,
+		releaseName,
+		[]string{},
+		true,
+		"--namespace",
+		defaultNamespace,
+	)
+
+	renderedObjects := UnmarshalMultipleFromYaml[unstructured.Unstructured](t, renderedYamlString)
+
+	for _, renderedObject := range renderedObjects {
+		kind := renderedObject.GetObjectKind().GroupVersionKind().Kind
+		// name := renderedObject.GetName()
+
+		/**
+		1.  objects that uses pull secrets
+			https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/main/docs/working-with-container-registries.md?plain=1#L37-L50
+
+		2. have a test for service account pull secrets: TestServiceAccountPullSecrets
+		*/
+		// if !ObjectUsesPullSecrets(name, namesToCheck) || kind == "ServiceAccount" {
+		// 	continue
+		// }
+
+		// have a test for service account pull secrets: TestServiceAccountPullSecrets
+		if kind == "ServiceAccount" {
+			continue
+		}
+
+		podTemplateSpec, err := GetPodTemplateSpec(renderedObject)
+		if err != nil {
+			t.Logf("Error getting PodTemplateSpec for object %s: %v", renderedObject.GetName(), err)
+			continue
+		}
+
+		if podTemplateSpec == nil {
+			t.Logf("PodTemplateSpec is nil for object %s", renderedObject.GetName())
+			continue
+		}
+
+		require.NotEmpty(t, podTemplateSpec.Spec.ImagePullSecrets, "%s %s should have imagePullSecrets", kind, renderedObject.GetName())
+		assert.True(
+			t,
+			ContainsImagePullSecret(podTemplateSpec.Spec.ImagePullSecrets, customImagePullSecrets),
+			"Expected imagePullSecret %v not found in %s %s",
+			customImagePullSecrets,
+			kind,
+			renderedObject.GetName(),
+		)
+	}
+}
diff --git a/tests/helm/const.go b/tests/helm/const.go
@@ -23,6 +23,7 @@ const (
 	customLabelValue         = "customLabelValue"
 	customAnnotationsKey     = "customAnnotationsKey"
 	customAnnotationsValue   = "customAnnotationsValue"
+	customImagePullSecrets   = "customImagePullSecrets"
 )
 
 var subChartNames []string = []string{

diff --git a/tests/helm/testdata/custom-global-config-attributes.yaml b/tests/helm/testdata/custom-global-config-attributes.yaml
@@ -1,22 +1,32 @@
 sumologic:
+  pullSecrets:
+    - name: customImagePullSecrets
   metrics:
     remoteWriteProxy:
       enabled: true
-
   podLabels:
     customLabelKey: customLabelValue
   podAnnotations:
     customAnnotationsKey: customAnnotationsValue
   serviceAccount:
     annotations:
       customServiceAccountAnnotationKey: customServiceAccountAnnotationValue
+  setup:
+    job:
+      pullSecrets:
+        - name: customImagePullSecrets
 
 kube-prometheus-stack:
+  global:
+    imagePullSecrets:
+      - name: customImagePullSecrets
   kube-state-metrics:
     customLabels:
       customLabelKey: customLabelValue
     podAnnotations:
       customAnnotationsKey: customAnnotationsValue
+    imagePullSecrets:
+      - name: customImagePullSecrets      
   prometheus:
     enabled: true
     prometheusSpec:
@@ -26,6 +36,8 @@ kube-prometheus-stack:
         annotations:
           customAnnotationsKey: customAnnotationsValue
   prometheus-node-exporter:
+    imagePullSecrets:
+      - name: customImagePullSecrets
     podLabels:
       customLabelKey: customLabelValue
     podAnnotations:
@@ -40,6 +52,8 @@ opentelemetry-operator:
 
 falco:
   enabled: true
+  imagePullSecrets:
+    - name: customImagePullSecrets
   podLabels:
     customLabelKey: customLabelValue
   podAnnotations:
@@ -51,3 +65,9 @@ prometheus-windows-exporter:
     customLabelKey: customLabelValue
   podAnnotations:
     customAnnotationsKey: customAnnotationsValue
+  imagePullSecrets:
+    - name: customImagePullSecrets
+
+opentelemetry-operator:
+  imagePullSecrets:
+    - name: customImagePullSecrets