From fbad56197fd728e70aa1baebd586f01b0973b3a7 Mon Sep 17 00:00:00 2001 From: Tingluo Huang Date: Tue, 31 Jan 2023 17:04:03 -0500 Subject: [PATCH] Allow provide pre-defined kubernetes secret when helm-install AutoScalingRunnerSet (#2234) --- .../templates/_helpers.tpl | 8 ++ .../templates/githubsecret.yaml | 2 + .../tests/template_test.go | 78 +++++++++++++++++++ charts/auto-scaling-runner-set/values.yaml | 8 ++ 4 files changed, 96 insertions(+) diff --git a/charts/auto-scaling-runner-set/templates/_helpers.tpl b/charts/auto-scaling-runner-set/templates/_helpers.tpl index 13889c0a..d4ca939f 100644 --- a/charts/auto-scaling-runner-set/templates/_helpers.tpl +++ b/charts/auto-scaling-runner-set/templates/_helpers.tpl @@ -51,7 +51,15 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{- define "auto-scaling-runner-set.githubsecret" -}} + {{- if kindIs "string" .Values.githubConfigSecret }} + {{- if not (empty .Values.githubConfigSecret) }} +{{- .Values.githubConfigSecret }} + {{- else}} +{{- fail "Values.githubConfigSecret is required for setting auth with GitHub server." }} + {{- end }} + {{- else }} {{- include "auto-scaling-runner-set.fullname" . }}-github-secret + {{- end }} {{- end }} {{- define "auto-scaling-runner-set.noPermissionServiceAccountName" -}} diff --git a/charts/auto-scaling-runner-set/templates/githubsecret.yaml b/charts/auto-scaling-runner-set/templates/githubsecret.yaml index 73e84a7a..4374f833 100644 --- a/charts/auto-scaling-runner-set/templates/githubsecret.yaml +++ b/charts/auto-scaling-runner-set/templates/githubsecret.yaml @@ -1,3 +1,4 @@ +{{- if not (kindIs "string" .Values.githubConfigSecret) }} apiVersion: v1 kind: Secret metadata: 
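Review bot: In the `auto-scaling-runner-set.githubsecret` helper, every value that is not a string falls into the final `{{- else }}` and is treated as the credentials map. A scalar that Helm did not parse as a string (for example a digits-only secret name passed with `--set`, which Helm coerces to a number) would therefore silently select the chart-generated `<fullname>-github-secret` name instead of the intended pre-defined secret. The same `kindIs "string"` test guards `templates/githubsecret.yaml`, so that template would then read credential fields from a non-map value. Consider making the map case explicit with `{{- else if kindIs "map" .Values.githubConfigSecret }}` and ending with `{{- else }}` plus `{{- fail "Values.githubConfigSecret must be a secret name or a map of credentials." }}`. The tests added in `tests/template_test.go` cover only a string name and the empty string, so a non-string scalar case would pin this.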
@@ -35,3 +36,4 @@ data: {{- if and $hasAppId (or (not $hasInstallationId) (not $hasPrivateKey)) }} {{- fail "A valid .Values.githubConfigSecret is required for setting auth with GitHub server, provide .Values.githubConfigSecret.github_app_installation_id and .Values.githubConfigSecret.github_app_private_key." }} {{- end }} +{{- end}} \ No newline at end of file diff --git a/charts/auto-scaling-runner-set/tests/template_test.go b/charts/auto-scaling-runner-set/tests/template_test.go index 099b24b6..954b8d29 100644 --- a/charts/auto-scaling-runner-set/tests/template_test.go +++ b/charts/auto-scaling-runner-set/tests/template_test.go @@ -124,6 +124,28 @@ func TestTemplateRenderedGitHubSecretErrorWithMissingAppInput(t *testing.T) { assert.ErrorContains(t, err, "provide .Values.githubConfigSecret.github_app_installation_id and .Values.githubConfigSecret.github_app_private_key") } +func TestTemplateNotRenderedGitHubSecretWithPredefinedSecret(t *testing.T) { + t.Parallel() + + // Path to the helm chart we will test + helmChartPath, err := filepath.Abs("../../auto-scaling-runner-set") + require.NoError(t, err) + + releaseName := "test-runners" + namespaceName := "test-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + SetValues: map[string]string{ + "githubConfigUrl": "https://github.com/actions", + "githubConfigSecret": "pre-defined-secret", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + } + + _, err = helm.RenderTemplateE(t, options, helmChartPath, releaseName, []string{"templates/githubsecret.yaml"}) + assert.ErrorContains(t, err, "could not find template templates/githubsecret.yaml in chart", "secret should not be rendered since a pre-defined secret is provided") +} + func TestTemplateRenderedSetServiceAccountToNoPermission(t *testing.T) { t.Parallel() 
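Review bot: The assertion in `TestTemplateNotRenderedGitHubSecretWithPredefinedSecret` matches Helm's own message, `could not find template templates/githubsecret.yaml in chart`, rather than anything the chart emits. A Helm release that rewords this error would fail the test while the chart still behaves correctly. Document the coupling above the `helm.RenderTemplateE` call, for example `// Helm reports a template that renders empty as "could not find template"; the text below is Helm's wording, not the chart's.` For consistency with the empty-secret test later in this file, put `require.Error(t, err)` before the `assert.ErrorContains` line.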
@@ -631,3 +653,59 @@ func TestTemplateRenderedAutoScalingRunnerSet_EnableKubernetesMode(t *testing.T) assert.Equal(t, "work", ars.Spec.Template.Spec.Volumes[0].Name) assert.NotNil(t, ars.Spec.Template.Spec.Volumes[0].Ephemeral, "Template.Spec should have 1 ephemeral volume") } + +func TestTemplateRenderedAutoScalingRunnerSet_UsePredefinedSecret(t *testing.T) { + t.Parallel() + + // Path to the helm chart we will test + helmChartPath, err := filepath.Abs("../../auto-scaling-runner-set") + require.NoError(t, err) + + releaseName := "test-runners" + namespaceName := "test-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + SetValues: map[string]string{ + "githubConfigUrl": "https://github.com/actions", + "githubConfigSecret": "pre-defined-secrets", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + } + + output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"}) + + var ars v1alpha1.AutoscalingRunnerSet + helm.UnmarshalK8SYaml(t, output, &ars) + + assert.Equal(t, namespaceName, ars.Namespace) + assert.Equal(t, "test-runners", ars.Name) + + assert.Equal(t, "auto-scaling-runner-set", ars.Labels["app.kubernetes.io/name"]) + assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"]) + assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl) + assert.Equal(t, "pre-defined-secrets", ars.Spec.GitHubConfigSecret) +} + +func TestTemplateRenderedAutoScalingRunnerSet_ErrorOnEmptyPredefinedSecret(t *testing.T) { + t.Parallel() + + // Path to the helm chart we will test + helmChartPath, err := filepath.Abs("../../auto-scaling-runner-set") + require.NoError(t, err) + + releaseName := "test-runners" + namespaceName := "test-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + SetValues: map[string]string{ + "githubConfigUrl": "https://github.com/actions", + "githubConfigSecret": "", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", 
namespaceName), + } + + _, err = helm.RenderTemplateE(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"}) + require.Error(t, err) + + assert.ErrorContains(t, err, "Values.githubConfigSecret is required for setting auth with GitHub server") +} diff --git a/charts/auto-scaling-runner-set/values.yaml b/charts/auto-scaling-runner-set/values.yaml index 2ee11db6..6494ecda 100644 --- a/charts/auto-scaling-runner-set/values.yaml +++ b/charts/auto-scaling-runner-set/values.yaml @@ -13,6 +13,14 @@ githubConfigSecret: ### GitHub PAT Configuration github_token: "" +## If you have a pre-define Kubernetes secret in the same namespace the auto-scaling-runner-set is going to deploy, +## you can also reference it via `githubConfigSecret: pre-defined-secret`. +## You need to make sure your predefined secret has all the required secret data set properly. +## For a pre-defined secret using GitHub PAT, the secret needs to be created like this: +## > kubectl create secret generic pre-defined-secret --namespace=my_namespace --from-literal=github_token='ghp_your_pat' +## For a pre-defined secret using GitHub App, the secret needs to be created like this: +## > kubectl create secret generic pre-defined-secret --namespace=my_namespace --from-literal=github_app_id=123456 --from-literal=github_app_installation_id=654321 --from-literal=github_app_private_key='-----BEGIN CERTIFICATE-----*******' +# githubConfigSecret: pre-defined-secret ## maxRunners is the max number of runners the auto scaling runner set will scale up to. # maxRunners: 5
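Review bot: The example commands added to `values.yaml` pass credentials with `--from-literal`, which leaves the PAT or private key in shell history and in the process argument list. For the App key, an example such as `--from-file=github_app_private_key=./app-private-key.pem` avoids that and keeps the PEM line breaks intact. The placeholder `'-----BEGIN CERTIFICATE-----*******'` is also misleading, since a GitHub App private key is a PEM private key, not a certificate. Two smaller points in the same comment block: `my_namespace` contains an underscore, which is not valid in a Kubernetes namespace name, and "pre-define Kubernetes secret" should read "pre-defined Kubernetes secret".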