[v14] fix agent config tempalting when using appResource and discovery (

#35783) * fix agent config tempalting when using appResource and discovery * add snapshot test
gravitational · Dec 15, 2023 · 4691b12 · 4691b12
1 parent dfc176f
commit 4691b12
Show file tree

Hide file tree

Showing 5 changed files with 144 additions and 65 deletions.
diff --git a/examples/chart/teleport-kube-agent/.lint/app-discovery-full.yaml b/examples/chart/teleport-kube-agent/.lint/app-discovery-full.yaml
@@ -0,0 +1,11 @@
+roles: app,discovery
+proxyAddr: teleport.example.com
+kubeClusterName: example
+apps:
+ - name: test
+   uri: https://console.aws.amazon.com/ec2/v2/home
+   labels:
+     env: test
+appResources:
+  - labels:
+      "*": "*"
diff --git a/...eport-kube-agent/.lint/app-discovery.yaml → ...be-agent/.lint/app-discovery-minimal.yaml b/...eport-kube-agent/.lint/app-discovery.yaml → ...be-agent/.lint/app-discovery-minimal.yaml
diff --git a/examples/chart/teleport-kube-agent/templates/_config.tpl b/examples/chart/teleport-kube-agent/templates/_config.tpl
@@ -16,7 +16,7 @@ teleport:
   auth_servers: ["{{ required "proxyAddr is required in chart values" .Values.proxyAddr }}"]
   {{- end }}
   {{- if .Values.caPin }}
-  ca_pin: {{- toYaml .Values.caPin | nindent 8 }}
+  ca_pin: {{- toYaml .Values.caPin | nindent 4 }}
   {{- end }}
   log:
     severity: {{ $logLevel }}
@@ -30,7 +30,7 @@ kubernetes_service:
   enabled: true
   kube_cluster_name: {{ required "kubeClusterName is required in chart values when kube role is enabled, see README" .Values.kubeClusterName }}
     {{- if .Values.labels }}
-  labels: {{- toYaml .Values.labels | nindent 8 }}
+  labels: {{- toYaml .Values.labels | nindent 4 }}
     {{- end }}
   {{- else }}
   enabled: false
@@ -56,16 +56,16 @@ app_service:
       {{- end }}
     {{- end }}
   apps:
-    {{- toYaml .Values.apps | nindent 8 }}
+    {{- toYaml .Values.apps | nindent 4 }}
     {{- end }}
   resources:
     {{- if .Values.appResources }}
-      {{- toYaml .Values.appResources | nindent 8 }}
+      {{- toYaml .Values.appResources | nindent 4 }}
     {{- end }}
     {{- if $appDiscoveryEnabled }}
-  - labels:
-      "teleport.dev/kubernetes-cluster": "{{ required "kubeClusterName is required in chart values when kube or discovery role is enabled, see README" .Values.kubeClusterName }}"
-      "teleport.dev/origin": "discovery-kubernetes"
+    - labels:
+        "teleport.dev/kubernetes-cluster": "{{ required "kubeClusterName is required in chart values when kube or discovery role is enabled, see README" .Values.kubeClusterName }}"
+        "teleport.dev/origin": "discovery-kubernetes"
     {{- end }}
   {{- else }}
   enabled: false
@@ -90,11 +90,11 @@ db_service:
         {{- fail "'tags' is required for all 'awsDatabases' in chart values when key is set and db role is enabled, see README" }}
       {{- end }}
     {{- end }}
-    {{- toYaml .Values.awsDatabases | nindent 6 }}
+    {{- toYaml .Values.awsDatabases | nindent 4 }}
   {{- end }}
   {{- if .Values.azureDatabases }}
   azure:
-    {{- toYaml .Values.azureDatabases | nindent 6 }}
+    {{- toYaml .Values.azureDatabases | nindent 4 }}
   {{- end}}
   {{- if .Values.databases }}
   databases:
@@ -109,11 +109,11 @@ db_service:
         {{- fail "'protocol' is required for all 'databases' in chart values when db role is enabled, see README" }}
       {{- end }}
     {{- end }}
-    {{- toYaml .Values.databases | nindent 6 }}
+    {{- toYaml .Values.databases | nindent 4 }}
   {{- end }}
   {{- if .Values.databaseResources }}
   resources:
-    {{- toYaml .Values.databaseResources | nindent 6 }}
+    {{- toYaml .Values.databaseResources | nindent 4 }}
   {{- end }}
 {{- else }}
   enabled: false

diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/config_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/config_test.yaml.snap
@@ -261,6 +261,116 @@ matches snapshot for all-v6.yaml:
         kubernetes.io/config-different: 2
       name: RELEASE-NAME
       namespace: NAMESPACE
+matches snapshot for app-discovery-full.yaml:
+  1: |
+    apiVersion: v1
+    data:
+      teleport.yaml: |-
+        app_service:
+          apps:
+          - labels:
+              env: test
+            name: test
+            uri: https://console.aws.amazon.com/ec2/v2/home
+          enabled: true
+          resources:
+          - labels:
+              '*': '*'
+          - labels:
+              teleport.dev/kubernetes-cluster: example
+              teleport.dev/origin: discovery-kubernetes
+        auth_service:
+          enabled: false
+        db_service:
+          enabled: false
+        discovery_service:
+          discovery_group: example
+          enabled: true
+          kubernetes:
+          - labels:
+              '*': '*'
+            namespaces:
+            - '*'
+            types:
+            - app
+        kubernetes_service:
+          enabled: false
+        proxy_service:
+          enabled: false
+        ssh_service:
+          enabled: false
+        teleport:
+          join_params:
+            method: token
+            token_name: /etc/teleport-secrets/auth-token
+          log:
+            format:
+              extra_fields:
+              - timestamp
+              - level
+              - component
+              - caller
+              output: text
+            output: stderr
+            severity: INFO
+          proxy_server: teleport.example.com
+        version: v3
+    kind: ConfigMap
+    metadata:
+      name: RELEASE-NAME
+      namespace: NAMESPACE
+matches snapshot for app-discovery-minimal.yaml:
+  1: |
+    apiVersion: v1
+    data:
+      teleport.yaml: |-
+        app_service:
+          enabled: true
+          resources:
+          - labels:
+              teleport.dev/kubernetes-cluster: test-kube-cluster
+              teleport.dev/origin: discovery-kubernetes
+        auth_service:
+          enabled: false
+        db_service:
+          enabled: false
+        discovery_service:
+          discovery_group: test-kube-cluster
+          enabled: true
+          kubernetes:
+          - labels:
+              '*': '*'
+            namespaces:
+            - '*'
+            types:
+            - app
+        kubernetes_service:
+          enabled: true
+          kube_cluster_name: test-kube-cluster
+        proxy_service:
+          enabled: false
+        ssh_service:
+          enabled: false
+        teleport:
+          join_params:
+            method: token
+            token_name: /etc/teleport-secrets/auth-token
+          log:
+            format:
+              extra_fields:
+              - timestamp
+              - level
+              - component
+              - caller
+              output: text
+            output: stderr
+            severity: INFO
+          proxy_server: proxy.example.com:3080
+        version: v3
+    kind: ConfigMap
+    metadata:
+      name: RELEASE-NAME
+      namespace: NAMESPACE
 matches snapshot for aws-databases.yaml:
   1: |
     apiVersion: v1
@@ -1185,55 +1295,3 @@ matches snapshot for volumes.yaml:
     metadata:
       name: RELEASE-NAME
       namespace: NAMESPACE
-matches snapshot when app discovery is enabled:
-  1: |
-    apiVersion: v1
-    data:
-      teleport.yaml: |-
-        app_service:
-          enabled: true
-          resources:
-          - labels:
-              teleport.dev/kubernetes-cluster: test-kube-cluster
-              teleport.dev/origin: discovery-kubernetes
-        auth_service:
-          enabled: false
-        db_service:
-          enabled: false
-        discovery_service:
-          discovery_group: test-kube-cluster
-          enabled: true
-          kubernetes:
-          - labels:
-              '*': '*'
-            namespaces:
-            - '*'
-            types:
-            - app
-        kubernetes_service:
-          enabled: true
-          kube_cluster_name: test-kube-cluster
-        proxy_service:
-          enabled: false
-        ssh_service:
-          enabled: false
-        teleport:
-          join_params:
-            method: token
-            token_name: /etc/teleport-secrets/auth-token
-          log:
-            format:
-              extra_fields:
-              - timestamp
-              - level
-              - component
-              - caller
-              output: text
-            output: stderr
-            severity: INFO
-          proxy_server: proxy.example.com:3080
-        version: v3
-    kind: ConfigMap
-    metadata:
-      name: RELEASE-NAME
-      namespace: NAMESPACE
diff --git a/examples/chart/teleport-kube-agent/tests/config_test.yaml b/examples/chart/teleport-kube-agent/tests/config_test.yaml
@@ -290,9 +290,19 @@ tests:
           of: ConfigMap
       - matchSnapshot: {}
 
-  - it: matches snapshot when app discovery is enabled
+  - it: matches snapshot for app-discovery-minimal.yaml
     values:
-      - ../.lint/app-discovery.yaml
+      - ../.lint/app-discovery-minimal.yaml
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: ConfigMap
+      - matchSnapshot: {}
+
+  - it: matches snapshot for app-discovery-full.yaml
+    values:
+      - ../.lint/app-discovery-full.yaml
     asserts:
       - hasDocuments:
           count: 1