mirror of
https://github.com/actions/actions-runner-controller.git
synced 2026-01-16 08:44:03 +08:00
111 lines
3.5 KiB
YAML
111 lines
3.5 KiB
YAML
suite: "Test AutoscalingRunnerSet Vault Config"
|
|
templates:
|
|
- autoscalingrunnserset.yaml
|
|
tests:
|
|
- it: should not render vaultConfig when secretResolution.type is kubernetes
|
|
set:
|
|
scaleset.name: "test"
|
|
auth.url: "https://github.com/org"
|
|
auth.githubToken: "gh_token12345"
|
|
controllerServiceAccount.name: "arc"
|
|
controllerServiceAccount.namespace: "arc-system"
|
|
secretResolution:
|
|
type: kubernetes
|
|
release:
|
|
name: "test-name"
|
|
namespace: "test-namespace"
|
|
asserts:
|
|
- notExists:
|
|
path: spec.vaultConfig
|
|
|
|
- it: should render azureKeyVault vaultConfig when configured
|
|
set:
|
|
scaleset.name: "test"
|
|
auth.url: "https://github.com/org"
|
|
auth.githubToken: "gh_token12345"
|
|
controllerServiceAccount.name: "arc"
|
|
controllerServiceAccount.namespace: "arc-system"
|
|
secretResolution:
|
|
type: azureKeyVault
|
|
azureKeyVault:
|
|
url: "https://myvault.vault.azure.net"
|
|
tenantId: "tenant-123"
|
|
clientId: "client-456"
|
|
certificatePath: "/etc/certs/akv.pem"
|
|
secretKey: "secret-key-name"
|
|
release:
|
|
name: "test-name"
|
|
namespace: "test-namespace"
|
|
asserts:
|
|
- equal:
|
|
path: spec.vaultConfig.type
|
|
value: azureKeyVault
|
|
- equal:
|
|
path: spec.vaultConfig.azureKeyVault.url
|
|
value: "https://myvault.vault.azure.net"
|
|
- equal:
|
|
path: spec.vaultConfig.azureKeyVault.tenantId
|
|
value: "tenant-123"
|
|
- equal:
|
|
path: spec.vaultConfig.azureKeyVault.clientId
|
|
value: "client-456"
|
|
- equal:
|
|
path: spec.vaultConfig.azureKeyVault.certificatePath
|
|
value: "/etc/certs/akv.pem"
|
|
- equal:
|
|
path: spec.vaultConfig.azureKeyVault.secretKey
|
|
value: "secret-key-name"
|
|
|
|
- it: should render vaultConfig proxy when configured
|
|
set:
|
|
scaleset.name: "test"
|
|
auth.url: "https://github.com/org"
|
|
auth.githubToken: "gh_token12345"
|
|
controllerServiceAccount.name: "arc"
|
|
controllerServiceAccount.namespace: "arc-system"
|
|
secretResolution:
|
|
type: azureKeyVault
|
|
proxy:
|
|
http:
|
|
url: "http://proxy.example.com:3128"
|
|
credentialSecretRef: "proxy-credentials"
|
|
noProxy:
|
|
- "localhost"
|
|
azureKeyVault:
|
|
url: "https://myvault.vault.azure.net"
|
|
tenantId: "tenant-123"
|
|
clientId: "client-456"
|
|
certificatePath: "/etc/certs/akv.pem"
|
|
secretKey: "secret-key-name"
|
|
release:
|
|
name: "test-name"
|
|
namespace: "test-namespace"
|
|
asserts:
|
|
- equal:
|
|
path: spec.vaultConfig.proxy.http.url
|
|
value: "http://proxy.example.com:3128"
|
|
- equal:
|
|
path: spec.vaultConfig.proxy.http.credentialSecretRef
|
|
value: "proxy-credentials"
|
|
- contains:
|
|
path: spec.vaultConfig.proxy.noProxy
|
|
content: "localhost"
|
|
- notExists:
|
|
path: spec.proxy
|
|
|
|
- it: should fail for unsupported secretResolution.type
|
|
set:
|
|
scaleset.name: "test"
|
|
auth.url: "https://github.com/org"
|
|
auth.githubToken: "gh_token12345"
|
|
controllerServiceAccount.name: "arc"
|
|
controllerServiceAccount.namespace: "arc-system"
|
|
secretResolution:
|
|
type: "hashicorpVault"
|
|
release:
|
|
name: "test-name"
|
|
namespace: "test-namespace"
|
|
asserts:
|
|
- failedTemplate:
|
|
errorMessage: "Unsupported keyVault type: hashicorpVault"
|