You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
278 lines
17 KiB
Clojure
278 lines
17 KiB
Clojure
(ns dda.c4k-website.website-test
|
|
(:require
|
|
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
|
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
|
[clojure.spec.test.alpha :as st]
|
|
[dda.c4k-common.test-helper :as th]
|
|
[dda.c4k-common.base64 :as b64]
|
|
[dda.c4k-website.website :as cut]
|
|
[clojure.spec.alpha :as s]))
|
|
|
|
(st/instrument `cut/generate-http-ingress)
|
|
(st/instrument `cut/generate-https-ingress)
|
|
(st/instrument `cut/generate-nginx-configmap)
|
|
(st/instrument `cut/generate-nginx-deployment)
|
|
(st/instrument `cut/generate-nginx-service)
|
|
(st/instrument `cut/generate-website-content-volume)
|
|
(st/instrument `cut/generate-website-certificate)
|
|
(st/instrument `cut/generate-website-build-cron)
|
|
(st/instrument `cut/generate-website-build-deployment)
|
|
(st/instrument `cut/generate-website-build-secret)
|
|
|
|
(deftest should-be-valid-website-auth-spec
|
|
(is (true? (s/valid? cut/auth? {:auth
|
|
[{:unique-name "test.io"
|
|
:username "someuser"
|
|
:authtoken "abedjgbasdodj"}
|
|
{:unique-name "example.io"
|
|
:username "someuser"
|
|
:authtoken "abedjgbasdodj"}]}))))
|
|
|
|
(deftest should-be-valid-website-conf-spec
|
|
(is (true? (s/valid? cut/config? {:issuer "staging"
|
|
:websites
|
|
[{:unique-name "test.io" ;
|
|
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"]
|
|
:gitea-host "gitlab.de"
|
|
:gitea-repo "repo"
|
|
:branchname "main"}
|
|
{:unique-name "example.io"
|
|
:fqdns ["example.org", "www.example.com"]
|
|
:gitea-host "finegitehost.net"
|
|
:gitea-repo "repo"
|
|
:branchname "main"}]}))))
|
|
|
|
(deftest should-generate-http-ingress
|
|
(is (= {:apiVersion "networking.k8s.io/v1",
|
|
:kind "Ingress",
|
|
:metadata
|
|
{:name "test-io-http-ingress",
|
|
:namespace "default",
|
|
:annotations
|
|
#:traefik.ingress.kubernetes.io{:router.entrypoints "web",
|
|
:router.middlewares "default-redirect-https@kubernetescrd"}},
|
|
:spec
|
|
{:rules
|
|
[{:host "test.de",
|
|
:http
|
|
{:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-io-service", :port {:number 80}}}}]}}
|
|
{:host "www.test.de",
|
|
:http
|
|
{:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-io-service", :port {:number 80}}}}]}}
|
|
{:host "test-it.de",
|
|
:http
|
|
{:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-io-service", :port {:number 80}}}}]}}
|
|
{:host "www.test-it.de",
|
|
:http
|
|
{:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-io-service", :port {:number 80}}}}]}}]}}
|
|
(cut/generate-website-http-ingress {:unique-name "test.io"
|
|
:gitea-host "gitea.evilorg"
|
|
:gitea-repo "none"
|
|
:branchname "mablain"
|
|
:issuer "prod"
|
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
|
|
|
|
(deftest should-generate-https-ingress
|
|
(is (= {:apiVersion "networking.k8s.io/v1",
|
|
:kind "Ingress",
|
|
:metadata
|
|
{:name "test-io-https-ingress",
|
|
:namespace "default",
|
|
:annotations #:traefik.ingress.kubernetes.io{:router.entrypoints "websecure", :router.tls "true"}},
|
|
:spec
|
|
{:tls [{:hosts ["test.de" "www.test.de" "test-it.de" "www.test-it.de"], :secretName "test-io-cert"}],
|
|
:rules
|
|
[{:host "test.de",
|
|
:http
|
|
{:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-io-service", :port {:number 80}}}}]}}
|
|
{:host "www.test.de",
|
|
:http
|
|
{:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-io-service", :port {:number 80}}}}]}}
|
|
{:host "test-it.de",
|
|
:http
|
|
{:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-io-service", :port {:number 80}}}}]}}
|
|
{:host "www.test-it.de",
|
|
:http
|
|
{:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-io-service", :port {:number 80}}}}]}}]}}
|
|
(cut/generate-website-https-ingress {:unique-name "test.io"
|
|
:gitea-host "gitea.evilorg"
|
|
:gitea-repo "none"
|
|
:branchname "mablain"
|
|
:issuer "prod"
|
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
|
|
|
|
(deftest should-generate-website-certificate
|
|
(is (= {:name-c1 "prod", :name-c2 "staging"}
|
|
(th/map-diff (cut/generate-website-certificate {:unique-name "test.io"
|
|
:gitea-host "gitea.evilorg"
|
|
:gitea-repo "none"
|
|
:branchname "mablain"
|
|
:issuer "prod"
|
|
:fqdns ["test.org" "test.de"]})
|
|
(cut/generate-website-certificate {:unique-name "test.io"
|
|
:gitea-host "gitea.evilorg"
|
|
:gitea-repo "none"
|
|
:branchname "mablain"
|
|
:issuer "staging"
|
|
:fqdns ["test.org" "test.de"]})))))
|
|
|
|
(deftest should-generate-nginx-configmap
|
|
(is (= {:website.conf-c1 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.de www.test.de test-it.de www.test-it.de; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n",
|
|
:website.conf-c2 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name example.de www.example.de example-by.de www.example-by.de; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n",
|
|
:name-c1 "test-io-configmap",
|
|
:name-c2 "example-io-configmap"}
|
|
(th/map-diff (cut/generate-nginx-configmap {:unique-name "test.io",
|
|
:gitea-host "gitea.evilorg",
|
|
:gitea-repo "none",
|
|
:branchname "mablain",
|
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
|
|
(cut/generate-nginx-configmap {:unique-name "example.io",
|
|
:gitea-host "gitea.evilorg",
|
|
:gitea-repo "none",
|
|
:branchname "mablain",
|
|
:fqdns ["example.de" "www.example.de" "example-by.de" "www.example-by.de"]})))))
|
|
|
|
(deftest should-generate-nginx-deployment
|
|
(is (= {:apiVersion "apps/v1",
|
|
:kind "Deployment",
|
|
:metadata {:name "test-io-deployment"},
|
|
:spec
|
|
{:replicas 1,
|
|
:selector {:matchLabels {:app "test-io-nginx"}},
|
|
:template
|
|
{:metadata {:labels {:app "test-io-nginx"}},
|
|
:spec
|
|
{:containers
|
|
[{:name "test-io-nginx",
|
|
:image "nginx:latest",
|
|
:imagePullPolicy "IfNotPresent",
|
|
:ports [{:containerPort 80}],
|
|
:volumeMounts
|
|
[{:mountPath "/etc/nginx", :readOnly true, :name "nginx-config-volume"}
|
|
{:mountPath "/var/log/nginx", :name "log"}
|
|
{:mountPath "/var/www/html/website", :name "website-content-volume", :readOnly true}
|
|
{:mountPath "/etc/certs", :name "website-cert", :readOnly true}]}],
|
|
:volumes
|
|
[{:name "nginx-config-volume",
|
|
:configMap
|
|
{:name "test-io-configmap",
|
|
:items
|
|
[{:key "nginx.conf", :path "nginx.conf"}
|
|
{:key "website.conf", :path "conf.d/website.conf"}
|
|
{:key "mime.types", :path "mime.types"}]}}
|
|
{:name "log", :emptyDir {}}
|
|
{:name "website-content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}
|
|
{:name "website-cert",
|
|
:secret
|
|
{:secretName "test-io-cert", :items [{:key "tls.crt", :path "tls.crt"} {:key "tls.key", :path "tls.key"}]}}]}}}}
|
|
(cut/generate-nginx-deployment {:unique-name "test.io",
|
|
:gitea-host "gitea.evilorg",
|
|
:gitea-repo "none",
|
|
:branchname "mablain",
|
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
|
|
|
|
(deftest should-generate-nginx-service
|
|
(is (= {:name-c1 "test-io-service",
|
|
:name-c2 "test-org-service",
|
|
:app-c1 "test-io-nginx",
|
|
:app-c2 "test-org-nginx"}
|
|
(th/map-diff (cut/generate-nginx-service {:unique-name "test.io",
|
|
:gitea-host "gitea.evilorg",
|
|
:gitea-repo "none",
|
|
:branchname "mablain",
|
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
|
|
(cut/generate-nginx-service {:unique-name "test.org",
|
|
:gitea-host "gitea.evilorg",
|
|
:gitea-repo "none",
|
|
:branchname "mablain",
|
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
|
|
|
(deftest should-generate-website-build-cron
|
|
(is (= {:apiVersion "batch/v1beta1",
|
|
:kind "CronJob",
|
|
:metadata {:name "test-io-build-cron", :labels {:app.kubernetes.part-of "website"}},
|
|
:spec
|
|
{:schedule "1,7,14,21,28,35,42,49,54,59 * * * *",
|
|
:successfulJobsHistoryLimit 1,
|
|
:failedJobsHistoryLimit 1,
|
|
:jobTemplate
|
|
{:spec
|
|
{:template
|
|
{:spec
|
|
{:containers
|
|
[{:image "domaindrivenarchitecture/c4k-website-build",
|
|
:name "test-io-build-app",
|
|
:imagePullPolicy "IfNotPresent",
|
|
:command ["/entrypoint.sh"],
|
|
:envFrom [{:secretRef {:name "test-io-secret"}}],
|
|
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}],
|
|
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}],
|
|
:restartPolicy "OnFailure"}}}}}}
|
|
(cut/generate-website-build-cron {:unique-name "test.io",
|
|
:gitea-host "gitea.evilorg",
|
|
:gitea-repo "none",
|
|
:branchname "mablain",
|
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
|
|
|
|
(deftest should-generate-website-build-deployment
|
|
(is (= {:apiVersion "apps/v1",
|
|
:kind "Deployment",
|
|
:metadata {:name "test-io-build-deployment"},
|
|
:spec
|
|
{:replicas 0,
|
|
:selector {:matchLabels {:app "test-io-builder"}},
|
|
:strategy {:type "Recreate"},
|
|
:template
|
|
{:metadata
|
|
{:labels {:app "test-io-builder", :app.kubernetes.io/name "test-io-builder", :app.kubernetes.io/part-of "website"}},
|
|
:spec
|
|
{:containers
|
|
[{:image "domaindrivenarchitecture/c4k-website-build",
|
|
:name "test-io-build-app",
|
|
:imagePullPolicy "IfNotPresent",
|
|
:command ["/entrypoint.sh"],
|
|
:envFrom [{:secretRef {:name "test-io-secret"}}],
|
|
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}],
|
|
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}]}}}}
|
|
(cut/generate-website-build-deployment {:unique-name "test.io",
|
|
:gitea-host "gitea.evilorg",
|
|
:gitea-repo "none",
|
|
:branchname "mablain",
|
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
|
|
|
|
(deftest should-generate-website-build-secret
|
|
(is (= {:name-c1 "test-io-secret",
|
|
:name-c2 "test-org-secret",
|
|
:AUTHTOKEN-c1 (b64/encode "token1"),
|
|
:AUTHTOKEN-c2 (b64/encode "token2"),
|
|
:GITREPOURL-c1 (b64/encode "https://gitlab.org/api/v1/repos/dumpty/websitebau/archive/testname.zip"),
|
|
:GITREPOURL-c2 (b64/encode "https://github.com/api/v1/repos/humpty/websitedachs/archive/testname.zip")}
|
|
(th/map-diff (cut/generate-website-build-secret {:unique-name "test.io",
|
|
:authtoken "token1",
|
|
:gitea-host "gitlab.org",
|
|
:gitea-repo "websitebau",
|
|
:username "dumpty",
|
|
:branchname "testname"})
|
|
(cut/generate-website-build-secret {:unique-name "test.org",
|
|
:authtoken "token2",
|
|
:gitea-host "github.com",
|
|
:gitea-repo "websitedachs",
|
|
:username "humpty",
|
|
:branchname "testname"})))))
|
|
|
|
(deftest should-generate-website-content-volume
|
|
(is (= {:name-c1 "test-io-content-volume",
|
|
:name-c2 "test-org-content-volume",
|
|
:app-c1 "test-io-nginx",
|
|
:app-c2 "test-org-nginx"}
|
|
(th/map-diff (cut/generate-website-content-volume {:unique-name "test.io",
|
|
:gitea-host "gitea.evilorg",
|
|
:gitea-repo "none",
|
|
:branchname "mablain",
|
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
|
|
(cut/generate-website-content-volume {:unique-name "test.org",
|
|
:gitea-host "gitea.evilorg",
|
|
:gitea-repo "none",
|
|
:branchname "mablain",
|
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|