-
Notifications
You must be signed in to change notification settings - Fork 3.7k
Expand file tree
/
Copy pathchart-computed-env_test.yaml
More file actions
50 lines (47 loc) · 1.83 KB
/
Copy pathchart-computed-env_test.yaml
File metadata and controls
50 lines (47 loc) · 1.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
suite: chart-computed env keys can't be overridden (round-8 regression net)
release:
name: t
namespace: sim
tests:
- it: app pod uses chart-computed DATABASE_URL even when user tries to override
template: deployment-app.yaml
set:
app.env.BETTER_AUTH_SECRET: x
app.env.ENCRYPTION_KEY: x
app.env.INTERNAL_API_SECRET: x
app.env.CRON_SECRET: x
app.env.DATABASE_URL: "should-be-ignored"
postgresql.auth.password: x
asserts:
- notContains:
path: spec.template.spec.containers[0].env
content:
name: DATABASE_URL
value: "should-be-ignored"
- it: existingSecret inline path skips DATABASE_URL/SOCKET_SERVER_URL
template: deployment-app.yaml
set:
app.secrets.existingSecret.enabled: true
app.secrets.existingSecret.name: my-secret
app.env.DATABASE_URL: "postgres://evil-1:5432/x"
app.env.SOCKET_SERVER_URL: "https://evil-2.example.com"
postgresql.auth.password: x
asserts:
- notContains:
path: spec.template.spec.containers[0].env
content: { name: DATABASE_URL, value: "postgres://evil-1:5432/x" }
- notContains:
path: spec.template.spec.containers[0].env
content: { name: SOCKET_SERVER_URL, value: "https://evil-2.example.com" }
- it: realtime pod existingSecret inline path skips chart-computed keys (round-8)
template: deployment-realtime.yaml
set:
app.secrets.existingSecret.enabled: true
app.secrets.existingSecret.name: my-secret
app.env.DATABASE_URL: "postgres://evil-1:5432/x"
app.env.SOCKET_SERVER_URL: "https://evil-2.example.com"
postgresql.auth.password: x
asserts:
- notContains:
path: spec.template.spec.containers[0].env
content: { name: SOCKET_SERVER_URL, value: "https://evil-2.example.com" }