Jeffgolden/sc 38476/testing for kots pull

pkg/tests/pull/cases/configcontext/testcase.yaml

@@ -0,0 +1,14 @@
+Name: test helm pull
+PullOptions:
+  ExcludeAdminConsole: true
+  IsAirgap: true
+  Silent: true
+  LocalPath: cases/configcontext/upstream
+  RootDir: cases/configcontext/results
+  SharedPassword: dummy-pass
+  RewriteImages: true
+  RewriteImageOptions:
+    Host: proxy.replicated.com
+    Username: test
+    Password: fake-pass
+    IsReadOnly: true

pkg/tests/pull/cases/configcontext/upstream/config.yaml

@@ -0,0 +1,19 @@
+apiVersion: kots.io/v1beta1
+kind: Config
+metadata:
+  name: my-app
+spec:
+  groups:
+    - name: setup
+      title: Setup
+      items:
+        - name: hostname
+          type: text
+          title: Hostname
+          help_text: |
+            Use this field to provide a hostname for your Example Application installation.
+          required: true
+        - name: helm
+          title: Include helm
+          type: text
+          default: "no"

pkg/tests/pull/cases/configcontext/upstream/subdir/configmap.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-config
+data:
+  configOptionHostname: {{repl ConfigOption "hostname" }}

pkg/tests/pull/cases/configcontext/upstream/test-chart-2.yaml

@@ -0,0 +1,20 @@
+apiVersion: kots.io/v1beta1
+kind: HelmChart
+metadata:
+  name: test-chart-2
+spec:
+  # exclude: 'repl{{ ConfigOptionEquals "helm" "no" }}'
+  # chart identifies a matching chart from a .tgz
+  chart:
+    name: test-chart-2
+    chartVersion: 0.1.1
+  useHelmInstall: false
+  namespace: helmns-2
+
+  # values are used in the customer environment, as a pre-render step
+  # these values will be supplied to helm template
+  values: {}
+
+  # builder values provide a way to render the chart with all images
+  # and manifests. this is used in replicated to create airgap packages
+  builder: {}

pkg/tests/pull/cases/configcontext/upstream/test-chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: kots.io/v1beta1
+kind: HelmChart
+metadata:
+  name: test-chart
+spec:
+  # exclude: 'repl{{ ConfigOptionEquals "helm" "no" }}'
+  # chart identifies a matching chart from a .tgz
+  chart:
+    name: test-chart
+    chartVersion: 0.1.0
+  useHelmInstall: true
+  namespace: helmns
+
+  # values are used in the customer environment, as a pre-render step
+  # these values will be supplied to helm template
+  values: {}
+
+  # builder values provide a way to render the chart with all images
+  # and manifests. this is used in replicated to create airgap packages
+  builder: {}

pkg/tests/pull/cases/configcontext/upstream/userdata/config.yaml

@@ -0,0 +1,10 @@
+apiVersion: kots.io/v1beta1
+kind: ConfigValues
+metadata:
+  creationTimestamp: null
+  name: my-app
+spec:
+  values:
+    hostname:
+      value: "my-app.somebigbank.com"
+status: {}

pkg/tests/pull/cases/configcontext/upstream/userdata/license.yaml

@@ -0,0 +1,47 @@
+apiVersion: kots.io/v1beta1
+kind: License
+metadata:
+  name: testcustomer
+spec:
+  appSlug: my-app
+  channelID: 1vusIYZLAVxMG6q760OJmRKj5i5
+  channelName: My Channel
+  customerName: Test Customer
+  endpoint: https://replicated.app
+  entitlements:
+    bool_field:
+      title: Bool Field
+      value: true
+      valueType: Boolean
+    expires_at:
+      description: License Expiration
+      title: Expiration
+      value: "2030-07-27T00:00:00Z"
+      valueType: String
+    hidden_field:
+      isHidden: true
+      title: Hidden Field
+      value: this is secret
+      valueType: String
+    int_field:
+      title: Int Field
+      value: 123
+      valueType: Integer
+    string_field:
+      title: StringField
+      value: single line text
+      valueType: String
+    text_field:
+      title: Text Field
+      value: |-
+        multi
+        line
+        text
+      valueType: Text
+  isAirgapSupported: true
+  isGitOpsSupported: true
+  isSnapshotSupported: true
+  licenseID: 1vusOokxAVp1tkRGuyxnF23PJcq
+  licenseSequence: 7
+  licenseType: prod
+  signature: eyJsaWNlbnNlRGF0YSI6ImV5SmhjR2xXWlhKemFXOXVJam9pYTI5MGN5NXBieTkyTVdKbGRHRXhJaXdpYTJsdVpDSTZJa3hwWTJWdWMyVWlMQ0p0WlhSaFpHRjBZU0k2ZXlKdVlXMWxJam9pZEdWemRHTjFjM1J2YldWeUluMHNJbk53WldNaU9uc2liR2xqWlc1elpVbEVJam9pTVhaMWMwOXZhM2hCVm5BeGRHdFNSM1Y1ZUc1R01qTlFTbU54SWl3aWJHbGpaVzV6WlZSNWNHVWlPaUp3Y205a0lpd2lZM1Z6ZEc5dFpYSk9ZVzFsSWpvaVZHVnpkQ0JEZFhOMGIyMWxjaUlzSW1Gd2NGTnNkV2NpT2lKdGVTMWhjSEFpTENKamFHRnVibVZzU1VRaU9pSXhkblZ6U1ZsYVRFRldlRTFITm5FM05qQlBTbTFTUzJvMWFUVWlMQ0pqYUdGdWJtVnNUbUZ0WlNJNklrMTVJRU5vWVc1dVpXd2lMQ0pzYVdObGJuTmxVMlZ4ZFdWdVkyVWlPamNzSW1WdVpIQnZhVzUwSWpvaWFIUjBjSE02THk5eVpYQnNhV05oZEdWa0xtRndjQ0lzSW1WdWRHbDBiR1Z0Wlc1MGN5STZleUppYjI5c1gyWnBaV3hrSWpwN0luUnBkR3hsSWpvaVFtOXZiQ0JHYVdWc1pDSXNJblpoYkhWbElqcDBjblZsTENKMllXeDFaVlI1Y0dVaU9pSkNiMjlzWldGdUluMHNJbVY0Y0dseVpYTmZZWFFpT25zaWRHbDBiR1VpT2lKRmVIQnBjbUYwYVc5dUlpd2laR1Z6WTNKcGNIUnBiMjRpT2lKTWFXTmxibk5sSUVWNGNHbHlZWFJwYjI0aUxDSjJZV3gxWlNJNklqSXdNekF0TURjdE1qZFVNREE2TURBNk1EQmFJaXdpZG1Gc2RXVlVlWEJsSWpvaVUzUnlhVzVuSW4wc0ltaHBaR1JsYmw5bWFXVnNaQ0k2ZXlKMGFYUnNaU0k2SWtocFpHUmxiaUJHYVdWc1pDSXNJblpoYkhWbElqb2lkR2hwY3lCcGN5QnpaV055WlhRaUxDSjJZV3gxWlZSNWNHVWlPaUpUZEhKcGJtY2lMQ0pwYzBocFpHUmxiaUk2ZEhKMVpYMHNJbWx1ZEY5bWFXVnNaQ0k2ZXlKMGFYUnNaU0k2SWtsdWRDQkdhV1ZzWkNJc0luWmhiSFZsSWpveE1qTXNJblpoYkhWbFZIbHdaU0k2SWtsdWRHVm5aWElpZlN3aWMzUnlhVzVuWDJacFpXeGtJanA3SW5ScGRHeGxJam9pVTNSeWFXNW5SbWxsYkdRaUxDSjJZV3gxWlNJNkluTnBibWRzWlNCc2FXNWxJSFJsZUhRaUxDSjJZV3gxWlZSNWNHVWlPaUpUZEhKcGJtY2lmU3dpZEdWNGRGOW1hV1ZzWkNJNmV5SjBhWFJzWlNJNklsUmxlSFFnUm1sbGJHUWlMQ0oyWVd4MVpTSTZJbTExYkhScFhHNXNhVzVsWEc1MFpYaDBJaXdpZG1Gc2RXVlVlWEJsSWpvaVZHVjRkQ0o5ZlN3aWFYTkJhWEpuWVhCVGRYQndiM0owWldRaU9uUnlkV1VzSW1selIybDBUM0J6VTNWd2NHOXlkR1ZrSWpwMGNuVmxMQ0pwYzFOdVlYQnphRzkwVTNWd2NHOXlkR1ZrSWpwMGNuVmxmWDA9IiwiaW5uZXJTaWduYXR1cmUiOiJleUpzYVdObGJuTmxVMmxuYm1GMGRYSmxJam9pYUhneE1XTXZUR1ozUTNoVE5YRmtRWEJGU1hGdVRrMU9NMHBLYTJzNFZHZFhSVVpzVDFKVlJ6UjJjR1YzZEZoV1YzbG1lamRZY0hBd1ExazJZamRyUVRSS2N6TklhR3d3YkZJMFdUQTFMemN2UVVkQ2FEZFZNSGczUkhaTVozUXpVM00wYm5GTFZTdFhXRXBTVHpKWVFVRnZSME4xZFRWR1RGcHJRVWhYY1RSUVFtMXphSFY2Y1ZsdmNucHhlbGhGWVZWVlpFUlVkVXhDTW1nNWFIZ3dXRWhQUmxwUk16bHVkbTlPUjJaT2R5OTRTVmRaZEhSUGRYZHZhMncyTVZsb1JVeFZlRmQxU1ZSRmMwTlVhM2xtTVRNd09IazVSbFJzWlRKeVYyZEVlSEZNYTBSUFNXVXlPRWwzUzJSQkwySXdWVUl5VEZGbVRWcHdWemwyUTNCSkwybHlWek5uYmpaeU5WWjNWMjB2U1dweWJtNDNSelJrVmpadVYzcFRkMGhQUTJSdWEwMTRNRXQ1VVVOa0wxQjFaWEpUYjNSdVEwOXRTMDEzWlRSTGJqaERkMU5YVVRRNGRURkRNbTFpV1VzeGRYTlpOM1YzUFQwaUxDSndkV0pzYVdOTFpYa2lPaUl0TFMwdExVSkZSMGxPSUZCVlFreEpReUJMUlZrdExTMHRMVnh1VFVsSlFrbHFRVTVDWjJ0eGFHdHBSemwzTUVKQlVVVkdRVUZQUTBGUk9FRk5TVWxDUTJkTFEwRlJSVUZ6TkhKdlVIcDFhV1JNZVhOMmIxWTJkemxhTkZ4dVdHRmliME5tWTJNeGFHZFZhQ3N3V1VkS2NFNURSVXhyTjBaTFF5OTJhemR6ZERsR05tY3dUMjlrU0VSbGVYZFJXa2hLZFU1TVpsUnNRbEJHUTJOaU5seHVObTlzVEZOeWNGQTRjbFUzU0d4SGJsRkVSMFJNYVhkS1EyaGtSRGRVVUdSM2FXdHBkMHRGY201aldqaEdaalZsU25vd2RETmlUWFpyVDJaVVluSkJiRnh1WWtGQ1kwbzVNVmxVT1hKdVVXOXFkVWN4UldKUVRqaEZWblI2TWxZNE5IZHViR2Q0TUhCd2JEVjRPSFpOYlhwcE1ISnVibEZVV1VGamJ6WnFhMnBJTTF4dVRuTlVkWE4xUzFkdlJGUjVNWE5yZGtSUk9IbEJZV0ptWTNNME4zWnNRazAwU0RGT1JFNHZSSFJhWWxZdllubDJia0o2YkM4eFZrVnpURmRqWlZWcFRGeHVSWEYxT0VkeWF5dFFVRGQyUkdSd2JFUjNjWFpQV2t4RmRYazNkamhuUm01U09WUlVSV3ByTlVvNWRuWlVTR2RtU25VemVubEVPR2xLWTBSRE5YcHFPVnh1YjFGSlJFRlJRVUpjYmkwdExTMHRSVTVFSUZCVlFreEpReUJMUlZrdExTMHRMVnh1SWl3aWEyVjVVMmxuYm1GMGRYSmxJam9pWlhsS2VtRlhaSFZaV0ZJeFkyMVZhVTlwU2pCUldIQjJXVE5LVms1NmFGaFNSMlJzVVRKb2NtTklXa1ZVVlRsRldqQktXVTFGUmtaVFJFNUZVMGhLYkUxclRUTkxNSEJFVkROR2VGTnROVVJVVlRWVlltMDFiVnBGUm5sWldIQjZaRVJqTVZaSGFFeFBXRUpVVWtacmRrd3diek5aTUZaSlVteFdWRXd5T1VoV1JXeHNWa1ZPTUZSSE1WWlJNR04zVkd4R2JGa3pTblJUUm1zMFZVWk9hMVpWU2pCVU1WbDNZbXQwY0ZSclZuQmpia0poVFZjNWFtSldiSEZaYTNob1UyeHNWV0pGUmtWWGJVWnZWakZLVUZkcWJGSmhXRVp1V2xkb1EyRnVRak5TUjNNd1lWWkpOVTVXVmxkV1ZUVnlUMGhLYjFsVlRYbGhiVGcwVjBkYWVGbHFWbFppYlhoeFpFWkZkMDU1Y3pCaFZsSkpWRVpPTm1WRk1IcGxWWFJ2VFVaR1ZtRXdWVFJSVnpsSFVsaEtVRTFZUmxCU01WcFJVMVJDTmxsV2FIcFdWWEJ0WTBSU2JFMVVRazlPVjNSU1ZucFdUMU5XWTNaU1ZYUkZVMGhzYlU5VmJGaGtNMUl3WTFWc1lXTlhSakJTYTA1RVlVWmtjbUo2VmtSU00wSllUREkxUmsxWVl6SmxWM1JKVlZoQk1sVXhTbEppU0Zwd1VrVXdNRlpFVWt0VU1rWnNVVmQwYzFSV1VrMVVWV055V1RCYVRHSXpaRTlUVm05NVlraE9SR1JzVG5aUmFrWmFaVmRPVGxOVlNteGFiRXB1Wld0U2RVMHhSVGxRVTBselNXMWtjMkl5U21oaVJYUnNaVlZzYTBscWIybFpiVkpzV2xSVk1rNVVXWGRaTWxwcFRrUk9hazlYU1hsUFIwcHRUMVJvYkZsWFRtaGFiVVV5VGtSWmFXWlJQVDBpZlE9PSJ9

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart-2/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 1.16.0
+description: A Helm chart for Kubernetes
+name: test-chart-2
+type: application
+version: 0.1.1

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart-2/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- test-1.yaml
+- test-2.yaml
+- test-3.yaml
+- test-4.yaml
+- test-5.yaml

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart-2/test-1.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    owned-by: security-team
+  labels:
+    owner: a-generated-owner-name
+  name: security-scanner-2
+  namespace: helmns-2
+stringData:
+  key: a super duper secret key

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart-2/test-2.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-test-example-chart-test-connection-2
+  namespace: helmns-2
+spec:
+  containers:
+  - args:
+    - security-test-example-chart:80
+    command:
+    - wget
+    image: busybox
+    name: wget
+  restartPolicy: Never

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart-2/test-3.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: security-test-example-chart-2
+  namespace: helmns-2
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: security-test
+      app.kubernetes.io/name: example-chart
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: security-test
+        app.kubernetes.io/name: example-chart
+    spec:
+      containers:
+      - env:
+        - name: SECURITY_SCANNER_KEY_001
+          valueFrom:
+            secretKeyRef:
+              key: key
+              name: security-scanner
+        image: nginx:latest
+        name: my-security-container
+      - command:
+        - /bin/sleep
+        - "9000"
+        image: alpine:3.4
+        name: waiter

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart-2/test-4.yaml

@@ -0,0 +1,21 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  labels: null
+  name: post-install-job-2
+  namespace: helmns-2
+spec:
+  backoffLimit: 3
+  template:
+    metadata:
+      name: security-test
+    spec:
+      containers:
+      - command:
+        - sh
+        - -c
+        - sleep 10
+        image: alpine
+        imagePullPolicy: IfNotPresent
+        name: hook-test
+      restartPolicy: Never

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart-2/test-5.yaml

@@ -0,0 +1,21 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  labels: null
+  name: pre-install-job-2
+  namespace: helmns-2
+spec:
+  backoffLimit: 3
+  template:
+    metadata:
+      name: security-test
+    spec:
+      containers:
+      - command:
+        - sh
+        - -c
+        - sleep 10
+        image: alpine
+        imagePullPolicy: IfNotPresent
+        name: hook-test
+      restartPolicy: Never

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 1.16.0
+description: A Helm chart for Kubernetes
+name: test-chart
+type: application
+version: 0.1.0

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- test-1.yaml
+- test-2.yaml
+- test-3.yaml
+- test-4.yaml
+- test-5.yaml

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart/test-1.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    owned-by: security-team
+  labels:
+    owner: a-generated-owner-name
+  name: security-scanner
+  namespace: helmns
+stringData:
+  key: a super duper secret key

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart/test-2.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: security-test
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: example-chart
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: example-chart-0.1.0
+  name: security-test-example-chart
+  namespace: helmns
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: security-test
+      app.kubernetes.io/name: example-chart
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: security-test
+        app.kubernetes.io/name: example-chart
+    spec:
+      containers:
+      - env:
+        - name: SECURITY_SCANNER_KEY_001
+          valueFrom:
+            secretKeyRef:
+              key: key
+              name: security-scanner
+        image: nginx:latest
+        name: my-security-container
+      - command:
+        - /bin/sleep
+        - "9000"
+        image: alpine:3.4
+        name: waiter

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart/test-3.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    helm.sh/hook: test-success
+  labels:
+    app.kubernetes.io/instance: security-test
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: example-chart
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: example-chart-0.1.0
+  name: security-test-example-chart-test-connection
+  namespace: helmns
+spec:
+  containers:
+  - args:
+    - security-test-example-chart:80
+    command:
+    - wget
+    image: busybox
+    name: wget
+  restartPolicy: Never

pkg/tests/pull/cases/configcontext/wantResults/base/charts/test-chart/test-4.yaml

@@ -0,0 +1,24 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    helm.sh/hook: post-install
+    helm.sh/hook-weight: "2"
+  labels: null
+  name: post-install-job
+  namespace: helmns
+spec:
+  backoffLimit: 3
+  template:
+    metadata:
+      name: security-test
+    spec:
+      containers:
+      - command:
+        - sh
+        - -c
+        - sleep 10
+        image: alpine
+        imagePullPolicy: IfNotPresent
+        name: hook-test
+      restartPolicy: Never