Merge pull request #447 from cyberark/check-missing-golden-cm-fields

Added checks for missing fields in Golden ConfigMap
cyberark · Feb 4, 2022 · b022306 · b022306
2 parents 678529d + f128f7d
commit b022306
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 12 deletions.
diff --git a/helm/conjur-config-namespace-prep/generated/conjur-config-namespace-prep.yaml b/helm/conjur-config-namespace-prep/generated/conjur-config-namespace-prep.yaml
@@ -1,7 +1,7 @@
 ---
 # Source: conjur-config-namespace-prep/templates/conjur_connect_configmap.yaml
-# The Conjur Connection Configmap contains references to Conjur credentials,
-# taken from the "Golden Configmap". These can be used to enable Conjur
+# The Conjur Connection ConfigMap contains references to Conjur credentials,
+# taken from the "Golden ConfigMap". These can be used to enable Conjur
 # authentication for applications to retrieve secrets securely.
 apiVersion: v1
 kind: ConfigMap

diff --git a/helm/conjur-config-namespace-prep/templates/conjur_connect_configmap.yaml b/helm/conjur-config-namespace-prep/templates/conjur_connect_configmap.yaml
@@ -1,6 +1,6 @@
 {{- if .Values.conjurConfigMap.create }}
-# The Conjur Connection Configmap contains references to Conjur credentials,
-# taken from the "Golden Configmap". These can be used to enable Conjur
+# The Conjur Connection ConfigMap contains references to Conjur credentials,
+# taken from the "Golden ConfigMap". These can be used to enable Conjur
 # authentication for applications to retrieve secrets securely.
 {{ $config := required "Both authnK8s.namespace and authnK8s.configMap are required" .Values.authnK8s -}}
 
@@ -19,10 +19,10 @@ metadata:
     app.kubernetes.io/part-of: "conjur-config"
     conjur.org/name: "conjur-connect-configmap"
 data:
-  CONJUR_ACCOUNT: {{ get $g "conjurAccount" }}
-  CONJUR_APPLIANCE_URL: {{ get $g "conjurApplianceUrl" }}
+  CONJUR_ACCOUNT: {{ get $g "conjurAccount" | required "conjurAccount must be set in Golden ConfigMap" }}
+  CONJUR_APPLIANCE_URL: {{ get $g "conjurApplianceUrl" | required "conjurApplianceUrl must be set in Golden ConfigMap" }}
   CONJUR_AUTHN_URL: {{ printf "%s/%s/%s" (get $g "conjurApplianceUrl" | trimSuffix "/") (.Values.conjurConfigMap.authnMethod) (get $g "authnK8sAuthenticatorID") }}
   CONJUR_SSL_CERTIFICATE: |- 
-{{ get $g "conjurSslCertificate" | indent 4 }}
-  CONJUR_AUTHENTICATOR_ID: {{ get $g "authnK8sAuthenticatorID" }}
+{{ get $g "conjurSslCertificate" | required "conjurSslCertificate must be set in Golden ConfigMap" | indent 4 }}
+  CONJUR_AUTHENTICATOR_ID: {{ get $g "authnK8sAuthenticatorID" | required "authnK8sAuthenticatorID must be set in Golden ConfigMap" }}
 {{- end }}
diff --git a/helm/conjur-config-namespace-prep/tests/conjur_connect_configmap_test.yaml b/helm/conjur-config-namespace-prep/tests/conjur_connect_configmap_test.yaml
@@ -6,6 +6,8 @@ templates:
 defaults: &defaultRequired
   authnK8s.goldenConfigMap: conjur-configmap
   authnK8s.namespace: golden
+  conjurConfigMap.authnStrategy: authn-k8s
+  test.mock.enable: true
 
 tests:
   #=======================================================================
@@ -23,8 +25,6 @@ tests:
     set:
       # Set required values
       <<: *defaultRequired
-      test.mock.enable: true
-      conjurConfigMap.authnStrategy: "authn-k8s"
 
     asserts:
       # Confirm that a ConfigMap has been created
@@ -78,8 +78,6 @@ tests:
   #=======================================================================
   - it: should fail if both Golden ConfigMap and NameSpace are not set
   #=======================================================================
-
-
     set:
       # Do not set the required values
       #authnK8s.goldenConfigMap: conjur-configmap
@@ -103,3 +101,63 @@ tests:
       - equal:
           path: metadata.name
           value: "my-awesome-configmap"
+
+
+  #=======================================================================
+  - it: should fail if conjurAccount is not set in Golden ConfigMap
+  #=======================================================================
+    set:
+      # Set required values
+      <<: *defaultRequired
+
+      # Clear entry for conjurAccount
+      test.mock.conjurAccount:
+
+    asserts:
+      - failedTemplate:
+          errorMessage: "conjurAccount must be set in Golden ConfigMap"
+
+
+  #=======================================================================
+  - it: should fail if conjurApplianceUrl is not set in Golden ConfigMap
+  #=======================================================================
+    set:
+      # Set required values
+      <<: *defaultRequired
+
+      # Clear entry for conjurApplianceUrl
+      test.mock.conjurApplianceUrl:
+
+    asserts:
+      - failedTemplate:
+          errorMessage: "conjurApplianceUrl must be set in Golden ConfigMap"
+
+
+  #=======================================================================
+  - it: should fail if authnK8sAuthenticatorID is not set in Golden ConfigMap
+  #=======================================================================
+    set:
+      # Set required values
+      <<: *defaultRequired
+
+      # Clear entry for conjurAuthenticatorID
+      test.mock.authnK8sAuthenticatorID:
+
+    asserts:
+      - failedTemplate:
+          errorMessage: "authnK8sAuthenticatorID must be set in Golden ConfigMap"
+
+
+  #=======================================================================
+  - it: should fail if conjurSslCertificate is not set in Golden ConfigMap
+  #=======================================================================
+    set:
+      # Set required values
+      <<: *defaultRequired
+
+      # Clear entry for conjurSslCertificate
+      test.mock.conjurSslCertificate:
+
+    asserts:
+      - failedTemplate:
+          errorMessage: "conjurSslCertificate must be set in Golden ConfigMap"