feature: Support configuring various properties as YAML directly. (ha…

…shicorp#565)

* feature: Support configuring various properties as YAML directly.
Supported properties include: pod tolerations, pod affinity, and node selectors.

.gitignore

@@ -10,3 +10,4 @@ vaul-helm-dev-creds.json
 ./test/unit/vaul-helm-dev-creds.json
 ./test/acceptance/values.yaml
 ./test/acceptance/values.yml
+.idea

Makefile

@@ -4,6 +4,9 @@ CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
 # set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
 ACCEPTANCE_TESTS?=acceptance
 
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
 # Generate json schema for chart values. See test/README.md for more details.
 values-schema:
 	helm schema-gen values.yaml > values.schema.json
@@ -12,7 +15,7 @@ test-image:
 	@docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
 
 test-unit:
-	@docker run -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats /helm-test/test/unit
+	@docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
 
 test-bats: test-unit test-acceptance
 

templates/_helpers.tpl

@@ -224,7 +224,12 @@ Set's the affinity for pod placement when running in standalone and HA modes.
 {{- define "vault.affinity" -}}
   {{- if and (ne .mode "dev") .Values.server.affinity }}
       affinity:
-        {{ tpl .Values.server.affinity . | nindent 8 | trim }}
+        {{ $tp := typeOf .Values.server.affinity }}
+        {{- if eq $tp "string" }}
+          {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+        {{- else }}
+          {{- toYaml .Values.server.affinity | nindent 8 }}
+        {{- end }}
   {{ end }}
 {{- end -}}
 
@@ -234,17 +239,27 @@ Sets the injector affinity for pod placement
 {{- define "injector.affinity" -}}
   {{- if .Values.injector.affinity }}
       affinity:
-        {{ tpl .Values.injector.affinity . | nindent 8 | trim }}
+        {{ $tp := typeOf .Values.injector.affinity }}
+        {{- if eq $tp "string" }}
+          {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+        {{- else }}
+          {{- toYaml .Values.injector.affinity | nindent 8 }}
+        {{- end }}
   {{ end }}
 {{- end -}}
 
 {{/*
-Set's the toleration for pod placement when running in standalone and HA modes.
+Sets the toleration for pod placement when running in standalone and HA modes.
 */}}
 {{- define "vault.tolerations" -}}
   {{- if and (ne .mode "dev") .Values.server.tolerations }}
       tolerations:
+      {{- $tp := typeOf .Values.server.tolerations }}
+      {{- if eq $tp "string" }}
         {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+      {{- else }}
+        {{- toYaml .Values.server.tolerations | nindent 8 }}
+      {{- end }}
   {{- end }}
 {{- end -}}
 
@@ -254,7 +269,12 @@ Sets the injector toleration for pod placement
 {{- define "injector.tolerations" -}}
   {{- if .Values.injector.tolerations }}
       tolerations:
+      {{- $tp := typeOf .Values.injector.tolerations }}
+      {{- if eq $tp "string" }}
         {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+      {{- else }}
+        {{- toYaml .Values.injector.tolerations | nindent 8 }}
+      {{- end }}
   {{- end }}
 {{- end -}}
 
@@ -264,7 +284,12 @@ Set's the node selector for pod placement when running in standalone and HA mode
 {{- define "vault.nodeselector" -}}
   {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
       nodeSelector:
-        {{ tpl .Values.server.nodeSelector . | indent 8 | trim }}
+      {{- $tp := typeOf .Values.server.nodeSelector }}
+      {{- if eq $tp "string" }}
+        {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+      {{- else }}
+        {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+      {{- end }}
   {{- end }}
 {{- end -}}
 
@@ -274,7 +299,12 @@ Sets the injector node selector for pod placement
 {{- define "injector.nodeselector" -}}
   {{- if .Values.injector.nodeSelector }}
       nodeSelector:
-        {{ tpl .Values.injector.nodeSelector . | indent 8 | trim }}
+      {{- $tp := typeOf .Values.injector.nodeSelector }}
+      {{- if eq $tp "string" }}
+        {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+      {{- else }}
+        {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+      {{- end }}
   {{- end }}
 {{- end -}}
 
@@ -519,7 +549,12 @@ Sets the injector toleration for pod placement
 {{- define "csi.pod.tolerations" -}}
   {{- if .Values.csi.pod.tolerations }}
       tolerations:
+      {{- $tp := typeOf .Values.csi.pod.tolerations }}
+      {{- if eq $tp "string" }}
         {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+      {{- else }}
+        {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+      {{- end }}
   {{- end }}
 {{- end -}}
 

test/unit/csi-daemonset.bats

@@ -246,7 +246,7 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
-@test "csi/daemonset: tolerations can be set" {
+@test "csi/daemonset: tolerations can be set as string" {
   cd `chart_dir`
   local actual=$(helm template \
       --show-only templates/csi-daemonset.yaml  \
@@ -257,6 +257,17 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
+@test "csi/daemonset: tolerations can be set as YAML" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/csi-daemonset.yaml  \
+      --set 'csi.enabled=true' \
+      --set "csi.pod.tolerations[0].foo=bar,csi.pod.tolerations[1].baz=qux" \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.tolerations == [{"foo": "bar"}, {"baz": "qux"}]' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # volumes
 

test/unit/injector-deployment.bats

@@ -432,7 +432,7 @@ load _helpers
   [ "${actual}" = "false" ]
 }
 
-@test "injector/deployment: affinity can be set" {
+@test "injector/deployment: affinity can be set as string" {
   cd `chart_dir`
   local actual=$(helm template \
       --show-only templates/injector-deployment.yaml  \
@@ -442,6 +442,16 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
+@test "injector/deployment: affinity can be set as YAML" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/injector-deployment.yaml  \
+      --set 'injector.affinity.podAntiAffinity=foobar' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.affinity.podAntiAffinity == "foobar"' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # tolerations
 
@@ -454,7 +464,7 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
-@test "injector/deployment: tolerations can be set" {
+@test "injector/deployment: tolerations can be set as string" {
   cd `chart_dir`
   local actual=$(helm template \
       --show-only templates/injector-deployment.yaml  \
@@ -464,6 +474,16 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
+@test "injector/deployment: tolerations can be set as YAML" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/injector-deployment.yaml  \
+      --set "injector.tolerations[0].foo=bar,injector.tolerations[1].baz=qux" \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.tolerations == [{"foo": "bar"}, {"baz": "qux"}]' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # nodeSelector
 
@@ -476,7 +496,7 @@ load _helpers
   [ "${actual}" = "null" ]
 }
 
-@test "injector/deployment: nodeSelector can be set" {
+@test "injector/deployment: nodeSelector can be set as string" {
   cd `chart_dir`
   local actual=$(helm template \
       --show-only templates/injector-deployment.yaml \
@@ -486,6 +506,17 @@ load _helpers
   [ "${actual}" = "testing" ]
 }
 
+@test "injector/deployment: nodeSelector can be set as YAML" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/injector-deployment.yaml \
+      --set "injector.nodeSelector.beta\.kubernetes\.io/arch=amd64" \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.nodeSelector == {"beta.kubernetes.io/arch": "amd64"}' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+
 #--------------------------------------------------------------------
 # priorityClassName
 

test/unit/server-ha-statefulset.bats

@@ -571,7 +571,7 @@ load _helpers
   [ "${actual}" = "null" ]
 }
 
-@test "server/ha-StatefulSet: specified nodeSelector" {
+@test "server/ha-StatefulSet: specified nodeSelector as string" {
   cd `chart_dir`
   local actual=$(helm template \
       --show-only templates/server-statefulset.yaml \
@@ -582,6 +582,17 @@ load _helpers
   [ "${actual}" = "testing" ]
 }
 
+@test "server/ha-StatefulSet: nodeSelector can be set as YAML" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.ha.enabled=true' \
+      --set "server.nodeSelector.beta\.kubernetes\.io/arch=amd64" \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.nodeSelector == {"beta.kubernetes.io/arch": "amd64"}' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # Security Contexts
 @test "server/ha-StatefulSet: uid default" {

test/unit/server-statefulset.bats

@@ -738,7 +738,7 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
-@test "server/standalone-StatefulSet: affinity can be set" {
+@test "server/standalone-StatefulSet: affinity can be set as string" {
   cd `chart_dir`
   local actual=$(helm template \
       --show-only templates/server-statefulset.yaml  \
@@ -748,6 +748,17 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
+@test "server/standalone-StatefulSet: affinity can be set as YAML" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.affinity.podAntiAffinity=foobar' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.affinity.podAntiAffinity == "foobar"' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+
 @test "server/standalone-StatefulSet: tolerations not set by default" {
   cd `chart_dir`
   local actual=$(helm template \
@@ -757,7 +768,7 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
-@test "server/standalone-StatefulSet: tolerations can be set" {
+@test "server/standalone-StatefulSet: tolerations can be set as string" {
   cd `chart_dir`
   local actual=$(helm template \
       --show-only templates/server-statefulset.yaml  \
@@ -767,6 +778,16 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
+@test "server/standalone-StatefulSet: tolerations can be set as YAML" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set "server.tolerations[0].foo=bar,server.tolerations[1].baz=qux" \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.tolerations == [{"foo": "bar"}, {"baz": "qux"}]' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 @test "server/standalone-StatefulSet: nodeSelector is not set by default" {
   cd `chart_dir`
   local actual=$(helm template \
@@ -776,7 +797,7 @@ load _helpers
   [ "${actual}" = "null" ]
 }
 
-@test "server/standalone-StatefulSet: specified nodeSelector" {
+@test "server/standalone-StatefulSet: specified nodeSelector as string" {
   cd `chart_dir`
   local actual=$(helm template \
       --show-only templates/server-statefulset.yaml \
@@ -786,6 +807,16 @@ load _helpers
   [ "${actual}" = "testing" ]
 }
 
+@test "server/standalone-StatefulSet: nodeSelector can be set as YAML" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set "server.nodeSelector.beta\.kubernetes\.io/arch=amd64" \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.nodeSelector == {"beta.kubernetes.io/arch": "amd64"}' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # extraInitContainers