From 79ad7f1ae3b995819720f5819dfc2cf887c11f30 Mon Sep 17 00:00:00 2001
From: Cian Johnston
Date: Mon, 21 Oct 2024 12:27:43 +0100
Subject: [PATCH] fix(helm/provisioner): fail if psk and key are both set
---
 helm/provisioner/templates/_coder.tpl | 2 +
 helm/provisioner/tests/chart_test.go | 2 +-
 .../testdata/provisionerd_psk_and_key.golden | 142 ------------------
 3 files changed, 3 insertions(+), 143 deletions(-)
 delete mode 100644 helm/provisioner/tests/testdata/provisionerd_psk_and_key.golden
diff --git a/helm/provisioner/templates/_coder.tpl b/helm/provisioner/templates/_coder.tpl
index 108edc5795aab..9c2b2dece130f 100644
--- a/helm/provisioner/templates/_coder.tpl
+++ b/helm/provisioner/templates/_coder.tpl
@@ -34,6 +34,8 @@ env:
 value: "0.0.0.0:2112"
 {{- if and (empty .Values.provisionerDaemon.pskSecretName) (empty .Values.provisionerDaemon.keySecretName) }}
 {{ fail "Either provisionerDaemon.pskSecretName or provisionerDaemon.keySecretName must be specified." }}
+{{- else if and (.Values.provisionerDaemon.pskSecretName) (.Values.provisionerDaemon.keySecretName) }}
+{{ fail "Either provisionerDaemon.pskSecretName or provisionerDaemon.keySecretName must be specified, but not both." }}
 {{- end }}
 {{- if .Values.provisionerDaemon.pskSecretName }}
 - name: CODER_PROVISIONER_DAEMON_PSK
diff --git a/helm/provisioner/tests/chart_test.go b/helm/provisioner/tests/chart_test.go
index 7eb69fe36f822..ab6d8445e8f61 100644
--- a/helm/provisioner/tests/chart_test.go
+++ b/helm/provisioner/tests/chart_test.go
@@ -58,7 +58,7 @@ var testCases = []testCase{
 },
 {
 name: "provisionerd_psk_and_key",
- expectedError: "",
+ expectedError: `Either provisionerDaemon.pskSecretName or provisionerDaemon.keySecretName must be specified, but not both.`,
 },
 {
 name: "provisionerd_no_psk_or_key",
diff --git a/helm/provisioner/tests/testdata/provisionerd_psk_and_key.golden b/helm/provisioner/tests/testdata/provisionerd_psk_and_key.golden
deleted file mode 100644
index 6ddaf8f292211..0000000000000
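Review bot: The new `else if` branch in `_coder.tpl` aborts rendering whenever both `pskSecretName` and `keySecretName` are non-empty, so if the chart's values.yaml (not part of this patch) ships a non-empty default for `pskSecretName`, an operator who sets only `keySecretName` will hit this failure without knowing the PSK value must also be blanked. The message could name the remedy, e.g. `{{ fail "Set only one of provisionerDaemon.pskSecretName or provisionerDaemon.keySecretName; set the unused one to an empty string." }}`, and the values documentation should state that the two settings are mutually exclusive. Failing closed is reasonable here: the deleted golden shows both `CODER_PROVISIONER_DAEMON_PSK` and `CODER_PROVISIONER_DAEMON_KEY` were previously injected into the same container, which leaves it unclear which credential the daemon presents. The `env:` block continues outside the hunk.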
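Review bot: The changed `provisionerd_psk_and_key` case in `chart_test.go` repeats the template's `fail` text verbatim, and that text shares its whole first clause with the message the neighbouring `provisionerd_no_psk_or_key` case presumably expects (its `expectedError` lies outside the hunk). If the harness matches errors by substring, the neighbouring expectation needs to keep its trailing period, otherwise either branch of the template would satisfy it and a swapped condition would go unnoticed. A short comment on this case, such as `// both credentials set: rendering must fail, so there is no golden file`, would also explain why the testdata golden was removed. The `testCases` slice starts and ends outside the hunk.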
--- a/helm/provisioner/tests/testdata/provisionerd_psk_and_key.golden
+++ /dev/null
@@ -1,142 +0,0 @@ ---- -# Source: coder-provisioner/templates/coder.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: {} - labels: - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: coder-provisioner - app.kubernetes.io/part-of: coder-provisioner - app.kubernetes.io/version: 0.1.0 - helm.sh/chart: coder-provisioner-0.1.0 - name: coder-provisioner ---- -# Source: coder-provisioner/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: coder-provisioner-workspace-perms -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -# Source: coder-provisioner/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "coder-provisioner" -subjects: - - kind: ServiceAccount - name: "coder-provisioner" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: coder-provisioner-workspace-perms ---- -# Source: coder-provisioner/templates/coder.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: coder-provisioner - app.kubernetes.io/part-of: coder-provisioner - app.kubernetes.io/version: 0.1.0 - helm.sh/chart: coder-provisioner-0.1.0 - name: coder-provisioner -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: release-name - app.kubernetes.io/name: coder-provisioner - template: - metadata: - annotations: {} - labels: - app.kubernetes.io/instance: 
release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: coder-provisioner - app.kubernetes.io/part-of: coder-provisioner - app.kubernetes.io/version: 0.1.0 - helm.sh/chart: coder-provisioner-0.1.0 - spec: - containers: - - args: - - provisionerd - - start - command: - - /opt/coder - env: - - name: CODER_PROMETHEUS_ADDRESS - value: 0.0.0.0:2112 - - name: CODER_PROVISIONER_DAEMON_PSK - valueFrom: - secretKeyRef: - key: psk - name: coder-provisionerd-psk - - name: CODER_PROVISIONER_DAEMON_KEY - valueFrom: - secretKeyRef: - key: provisionerd-key - name: coder-provisionerd-key - - name: CODER_PROVISIONERD_TAGS - value: clusterType=k8s,location=auh - - name: CODER_URL - value: http://coder.default.svc.cluster.local - image: ghcr.io/coder/coder:latest - imagePullPolicy: IfNotPresent - lifecycle: {} - name: coder - ports: null - resources: {} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: null - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: [] - restartPolicy: Always - serviceAccountName: coder-provisioner - terminationGracePeriodSeconds: 600 - volumes: []